05dd6bf4ad23bc30673573b42f8c5772faecb2b477ae6b11ac751ee1d7d62099 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
12-11-2023 07:49

Sharing

Report Analysis Logs

General

Target

NEAS.7d88052d33118cf211c1138a9a98e0f0.exe
Size

268KB
MD5

7d88052d33118cf211c1138a9a98e0f0
SHA1

c396a34d7a219bacf929222c230d2247db5a0f6f
SHA256

05dd6bf4ad23bc30673573b42f8c5772faecb2b477ae6b11ac751ee1d7d62099
SHA512

92943ed0d942731cf36bc40d76bfb57f757420eda6ccdbd4ede49ffdcdba70c6afba8e093cd1a692e2304be6e4bf682b55e0e6afeaa7314f6ba414df0e1f0d4a
SSDEEP

3072:BSmj5KdxzQZ8Pj5/c3R947Bp4PmebD5Vo:B/NKPK8buc/oHbD5W

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2948	2164	WerFault.exe	5

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2948	2164	NEAS.7d88052d33118cf211c1138a9a98e0f0.exe	16
PID 2164 wrote to memory of 2948	2164	NEAS.7d88052d33118cf211c1138a9a98e0f0.exe	16
PID 2164 wrote to memory of 2948	2164	NEAS.7d88052d33118cf211c1138a9a98e0f0.exe	16
PID 2164 wrote to memory of 2948	2164	NEAS.7d88052d33118cf211c1138a9a98e0f0.exe	16

C:\Users\Admin\AppData\Local\Temp\NEAS.7d88052d33118cf211c1138a9a98e0f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.7d88052d33118cf211c1138a9a98e0f0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 36
  2⤵
  - Program crash
  PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2164-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download