36708a6c0c7c3f6af20ee8134307f35514f0b4cff71324b7d0a534537ef1ea28

Analysis

max time kernel
169s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
12/11/2023, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe
Size

565KB
MD5

99d7b49c7948edb85602e0cb1e498cd0
SHA1

92c377b0921be9f4bdead0f9199ae55cd9e4378e
SHA256

36708a6c0c7c3f6af20ee8134307f35514f0b4cff71324b7d0a534537ef1ea28
SHA512

d588c34635bee4da30bb1948ccfa3dd1ba5c88ee519387b7963596a87459702b98ef1018247bb009209cd932a59360a60dd351ec22317e38f18ed101da947db3
SSDEEP

6144:mfRz03BJaRcurwZa+uBurfAB35ip2f+3mH8Rqi/MwGiiHsdmPU:mf63uRcurnJBuroB3EEm2ctM+kP

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1656	WerFault.exe
1656	WerFault.exe
1656	WerFault.exe
1656	WerFault.exe
1656	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1656	2664	WerFault.exe	13

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2664	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 1656	2664	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe	31
PID 2664 wrote to memory of 1656	2664	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe	31
PID 2664 wrote to memory of 1656	2664	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe	31
PID 2664 wrote to memory of 1656	2664	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe	31

C:\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 536
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe

Filesize
571KB

MD5
fa7c6965fe2c446f6bb33c926c44488c

SHA1
41f09e70943ca12bd3fe14b2b734beacd1a26efe

SHA256
acf7f264ab346b106ac7aca1da9746fbcf94219f212b53acc6019f567dbc0524

SHA512
6bc7f385443e48a3f31ef3b372b6989dad8009ba67ff725ccf1002b3776084de7ee4331ed98d0622284827b83577663699d26b830b0297ff78b5b3c262d75267

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe

Filesize
571KB

MD5
fa7c6965fe2c446f6bb33c926c44488c

SHA1
41f09e70943ca12bd3fe14b2b734beacd1a26efe

SHA256
acf7f264ab346b106ac7aca1da9746fbcf94219f212b53acc6019f567dbc0524

SHA512
6bc7f385443e48a3f31ef3b372b6989dad8009ba67ff725ccf1002b3776084de7ee4331ed98d0622284827b83577663699d26b830b0297ff78b5b3c262d75267

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe

Filesize
571KB

MD5
fa7c6965fe2c446f6bb33c926c44488c

SHA1
41f09e70943ca12bd3fe14b2b734beacd1a26efe

SHA256
acf7f264ab346b106ac7aca1da9746fbcf94219f212b53acc6019f567dbc0524

SHA512
6bc7f385443e48a3f31ef3b372b6989dad8009ba67ff725ccf1002b3776084de7ee4331ed98d0622284827b83577663699d26b830b0297ff78b5b3c262d75267

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe

Filesize
571KB

MD5
fa7c6965fe2c446f6bb33c926c44488c

SHA1
41f09e70943ca12bd3fe14b2b734beacd1a26efe

SHA256
acf7f264ab346b106ac7aca1da9746fbcf94219f212b53acc6019f567dbc0524

SHA512
6bc7f385443e48a3f31ef3b372b6989dad8009ba67ff725ccf1002b3776084de7ee4331ed98d0622284827b83577663699d26b830b0297ff78b5b3c262d75267

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe

Filesize
571KB

MD5
fa7c6965fe2c446f6bb33c926c44488c

SHA1
41f09e70943ca12bd3fe14b2b734beacd1a26efe

SHA256
acf7f264ab346b106ac7aca1da9746fbcf94219f212b53acc6019f567dbc0524

SHA512
6bc7f385443e48a3f31ef3b372b6989dad8009ba67ff725ccf1002b3776084de7ee4331ed98d0622284827b83577663699d26b830b0297ff78b5b3c262d75267

Download Submit
memory/2664-0-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2664-3-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2664-4-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/2664-33-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads