Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64 arch:x86 image:win7-20231023-en locale:en-us os:windows7-x64 system
submitted: 13-11-2023 03:34
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: NEAS.23fe001f79302f33af71b188f4474bc0.exe
Resource: win7-20231023-en (windows7-x64)
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: NEAS.23fe001f79302f33af71b188f4474bc0.exe
Resource: win10v2004-20231020-en (windows10-2004-x64)
1 signatures
150 seconds
General
Target: NEAS.23fe001f79302f33af71b188f4474bc0.exe
Size: 244KB
MD5: 23fe001f79302f33af71b188f4474bc0
SHA1: 9348c8e5664e8af61c43bbd6a477d70c5b425580
SHA256: 989b422ba95a3376b5ecac8fe2bb4581c71a295c6324bb81fb682532d2389059
SHA512: 3f3eba5bd2456b0906e1954b780a9f44ab02bbb4012284c30e3911d34b852afdad1aa00f5fe9c93b3055efd9d7131e22c31cb7a308462252fd39f94018739d90
SSDEEP: 3072:ZB9QYUCTydYWKnvhWXVqmfpy6Ku/Ub0+N:P9fUS2YWKvSEmfTT8b0+N
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid: 2136, pid_target: 2380, Process: WerFault.exe, procid_target: 27

Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 2380 wrote to memory of 2136, pid: 2380, Process: NEAS.23fe001f79302f33af71b188f4474bc0.exe, procid_target: 28
description: PID 2380 wrote to memory of 2136, pid: 2380, Process: NEAS.23fe001f79302f33af71b188f4474bc0.exe, procid_target: 28
description: PID 2380 wrote to memory of 2136, pid: 2380, Process: NEAS.23fe001f79302f33af71b188f4474bc0.exe, procid_target: 28
description: PID 2380 wrote to memory of 2136, pid: 2380, Process: NEAS.23fe001f79302f33af71b188f4474bc0.exe, procid_target: 28
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.23fe001f79302f33af71b188f4474bc0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.23fe001f79302f33af71b188f4474bc0.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2380
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 36
    - Program crash
    PID: 2136