642d92707a17486cca27cb78148dc78352a4d975c52cea7455910f50aca8c3bd

Analysis

max time kernel
121s
max time network
149s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
12-11-2023 09:55

Target

NEAS.395221bae4a623c23642b9a5679fb3a0.exe
Size

472KB
MD5

395221bae4a623c23642b9a5679fb3a0
SHA1

b2ccf43c7b0f0e921f5f26e6c55b7b133d990ef2
SHA256

642d92707a17486cca27cb78148dc78352a4d975c52cea7455910f50aca8c3bd
SHA512

3b4d2c9d0ea7aec504636154f0b03a4faff99094dbef0fb81d30175123f563f7a09760aacd493a1e3df98d79af23cf97b229ceeeac916a725a252ed49fb6ae65
SSDEEP

3072:g8RinudiP52xx67lLdpiHDotAxUtB1XKhJ11upJvYGTQ3jmpdv2:FkgiPA6RHPtAxOahdOJvv0TaO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2364	2952	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2364	2952	NEAS.395221bae4a623c23642b9a5679fb3a0.exe	28
PID 2952 wrote to memory of 2364	2952	NEAS.395221bae4a623c23642b9a5679fb3a0.exe	28
PID 2952 wrote to memory of 2364	2952	NEAS.395221bae4a623c23642b9a5679fb3a0.exe	28
PID 2952 wrote to memory of 2364	2952	NEAS.395221bae4a623c23642b9a5679fb3a0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.395221bae4a623c23642b9a5679fb3a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.395221bae4a623c23642b9a5679fb3a0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 36
  2⤵
  - Program crash
  PID:2364

memory/2952-1-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download