cee899b19c33f2e4a5baef7122e9ea93274d4e9113303b596bed5be5ecffa1f6

Analysis

max time kernel
63s
max time network
32s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
12/11/2023, 09:44 UTC

Target

NEAS.6fee6de3825534c0c48148f9127457f0.exe
Size

496KB
MD5

6fee6de3825534c0c48148f9127457f0
SHA1

7f91d85839d000a68cb5f243e684a07f8b64c81d
SHA256

cee899b19c33f2e4a5baef7122e9ea93274d4e9113303b596bed5be5ecffa1f6
SHA512

f6e9d39541393b780f55f752bd06995bd089e74edfa5c1d3dc6d73cc7bfc920defe536bb4eb7e32835db38ba3a8b0896dcfd3a177d8f8d1134bf936d0201d9f1
SSDEEP

768:teyk2OoAFn4ejOvoAPfTlJjfx8W7Nl9/IkY/S2DQ:qo249vp3RJjGW7T9g5l0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2724	2640	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2724	2640	NEAS.6fee6de3825534c0c48148f9127457f0.exe	29
PID 2640 wrote to memory of 2724	2640	NEAS.6fee6de3825534c0c48148f9127457f0.exe	29
PID 2640 wrote to memory of 2724	2640	NEAS.6fee6de3825534c0c48148f9127457f0.exe	29
PID 2640 wrote to memory of 2724	2640	NEAS.6fee6de3825534c0c48148f9127457f0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.6fee6de3825534c0c48148f9127457f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6fee6de3825534c0c48148f9127457f0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 36
  2⤵
  - Program crash
  PID:2724

memory/2640-0-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download