fa34151c48002951f230407fbf580c32066aa79429215e5252b23b3458c6ac9f

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
13/11/2023, 02:50

Target

NEAS.10b693999260b52c8defed6616779410.exe
Size

208KB
MD5

10b693999260b52c8defed6616779410
SHA1

2230d1034735fde6bc254ef8b69ba1a30bffec8f
SHA256

fa34151c48002951f230407fbf580c32066aa79429215e5252b23b3458c6ac9f
SHA512

eb003e3dc55a7e5b705d8a140d5ad1338b024f339df9a6835358ef967d99431958aaea751507dd4392aa485b081b3f2301e8c8ca763311f902878d7ac30b112e
SSDEEP

768:TpMeEXxR3F8UNvrJb0PztsYDpVLGc3HZWok/6pSy7ksyqrT/1H5NXdnh:TqzXF8CvrJ4PBhDP35RrrhR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2228	1568	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2228	1568	NEAS.10b693999260b52c8defed6616779410.exe	28
PID 1568 wrote to memory of 2228	1568	NEAS.10b693999260b52c8defed6616779410.exe	28
PID 1568 wrote to memory of 2228	1568	NEAS.10b693999260b52c8defed6616779410.exe	28
PID 1568 wrote to memory of 2228	1568	NEAS.10b693999260b52c8defed6616779410.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.10b693999260b52c8defed6616779410.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.10b693999260b52c8defed6616779410.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 36
  2⤵
  - Program crash
  PID:2228

memory/1568-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download