2e84d149305724eb66878775c234fabe85aa9827540b0174042848e365516db4

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 02:26

Target

NEAS.8b5dc8296da3dbd869bd19d8fa626610.exe
Size

90KB
MD5

8b5dc8296da3dbd869bd19d8fa626610
SHA1

24ee1ca1c36a08925557b80fb9831da92e6ace4a
SHA256

2e84d149305724eb66878775c234fabe85aa9827540b0174042848e365516db4
SHA512

7a0ffb9dd4cbbefe6f5dae0beb3177440fad8f1374aec01216f61a8bb9d799ec24f5995d8c6fc5c0410de83b24a4b48c53beef20b007de71a1f274a4f4525527
SSDEEP

1536:tNJIBgqsn+FNOOWGpojHNlllllllQQQQQQllWlllllllQQQQQQlleHIZHN6gKu9w:rcxFNM5Bgt9/AxrxUEEwW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2324	2364	NEAS.8b5dc8296da3dbd869bd19d8fa626610.exe	29
PID 2364 wrote to memory of 2324	2364	NEAS.8b5dc8296da3dbd869bd19d8fa626610.exe	29
PID 2364 wrote to memory of 2324	2364	NEAS.8b5dc8296da3dbd869bd19d8fa626610.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.8b5dc8296da3dbd869bd19d8fa626610.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8b5dc8296da3dbd869bd19d8fa626610.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2364 -s 488
  2⤵
  PID:2324

memory/2364-0-0x0000000000E50000-0x0000000000E6C000-memory.dmp

Filesize
112KB

Download
memory/2364-1-0x000007FEF5E20000-0x000007FEF680C000-memory.dmp

Filesize
9.9MB

Download
memory/2364-2-0x000007FEF5E20000-0x000007FEF680C000-memory.dmp

Filesize
9.9MB

Download