36708a6c0c7c3f6af20ee8134307f35514f0b4cff71324b7d0a534537ef1ea28

Analysis

max time kernel
204s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 23:26

Target

NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe
Size

565KB
MD5

99d7b49c7948edb85602e0cb1e498cd0
SHA1

92c377b0921be9f4bdead0f9199ae55cd9e4378e
SHA256

36708a6c0c7c3f6af20ee8134307f35514f0b4cff71324b7d0a534537ef1ea28
SHA512

d588c34635bee4da30bb1948ccfa3dd1ba5c88ee519387b7963596a87459702b98ef1018247bb009209cd932a59360a60dd351ec22317e38f18ed101da947db3
SSDEEP

6144:mfRz03BJaRcurwZa+uBurfAB35ip2f+3mH8Rqi/MwGiiHsdmPU:mf63uRcurnJBuroB3EEm2ctM+kP

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4704	3084	WerFault.exe	85
3744	3084	WerFault.exe	85

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3084	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 4704	3084	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe	98
PID 3084 wrote to memory of 4704	3084	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe	98
PID 3084 wrote to memory of 4704	3084	NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe	98

C:\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.99d7b49c7948edb85602e0cb1e498cd0.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 1872
  2⤵
  - Program crash
  PID:4704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 1872
  2⤵
  - Program crash
  PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3084 -ip 3084
1⤵
PID:3908

memory/3084-0-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/3084-3-0x0000000000610000-0x0000000000612000-memory.dmp

Filesize
8KB

Download
memory/3084-4-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/3084-8-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/3084-11-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/3084-29-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/3084-30-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download