0ea1b15812814e2a0ec8a35e84a2c7b5d201cc6de30ac4cd6a352fdec54b59db | Triage

Analysis

max time kernel
97s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2023, 09:58

Sharing

Report Analysis Logs

General

Target

NEAS.f063a7157de7f70dcb77616a8b46e1f0.exe
Size

256KB
MD5

f063a7157de7f70dcb77616a8b46e1f0
SHA1

3bef3bfbe6c05d9ab0194208b24b2f9ff4e717dc
SHA256

0ea1b15812814e2a0ec8a35e84a2c7b5d201cc6de30ac4cd6a352fdec54b59db
SHA512

aa98c6d8aba85836b221e16d53895ed9bb8cceabcadca51e3afdd425a29b8959d78004a07a4ca31ebf153382545ec2334be7854983e905b9c944a0e5a50fc340
SSDEEP

3072:fC6xRyfFP0o35cc+rp4OUzjTWM1dQrTOwZtFKn:fC6xRydsS+eN3M9Zi

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2296	2904	WerFault.exe	27
3288	2904	WerFault.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.f063a7157de7f70dcb77616a8b46e1f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f063a7157de7f70dcb77616a8b46e1f0.exe"
1⤵
PID:2904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
  2⤵
  - Program crash
  PID:2296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 224
  2⤵
  - Program crash
  PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2904 -ip 2904
1⤵
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2904 -ip 2904
1⤵
PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2904-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download