0ce242029aececb07c87a6ab5e7614107cd6e3acda6adf54f9a1030e1ea0fced

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
13-11-2023 01:39

Target

NEAS.d3bed4d190b8172f356405a6aa7bf240.exe
Size

252KB
MD5

d3bed4d190b8172f356405a6aa7bf240
SHA1

91a8602278bc63440b42c4be0ce3197e28ae17a3
SHA256

0ce242029aececb07c87a6ab5e7614107cd6e3acda6adf54f9a1030e1ea0fced
SHA512

85766f0a9f7a42b9e745a81114fa4261c1af6294749ecd5a87ed1d111e12a24046e02a16a8e4bdb27223606775372a586e4a1bd823d779e47497c27e436b3f9a
SSDEEP

1536:iDr1hil300lXlU+K1w6+57FopmfgST+Kjiwg58:iP1hiXaB1sFocftzY58

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2152	2816	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2152	2816	NEAS.d3bed4d190b8172f356405a6aa7bf240.exe	28
PID 2816 wrote to memory of 2152	2816	NEAS.d3bed4d190b8172f356405a6aa7bf240.exe	28
PID 2816 wrote to memory of 2152	2816	NEAS.d3bed4d190b8172f356405a6aa7bf240.exe	28
PID 2816 wrote to memory of 2152	2816	NEAS.d3bed4d190b8172f356405a6aa7bf240.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.d3bed4d190b8172f356405a6aa7bf240.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d3bed4d190b8172f356405a6aa7bf240.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 36
  2⤵
  - Program crash
  PID:2152

memory/2816-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download