1daea6dccbc65042dd856a5b6a06a4974b14501056f5733a3e68699ddf4737dd

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 03:01

Target

NEAS.5831be25f74d50838f3a916361daf8d0.exe
Size

268KB
MD5

5831be25f74d50838f3a916361daf8d0
SHA1

201c263b8d0e6411e6adc75c71a7028358b59551
SHA256

1daea6dccbc65042dd856a5b6a06a4974b14501056f5733a3e68699ddf4737dd
SHA512

6cb17f4f60f15e48ed45e1408555f6eb3322eb755e9ec6e12973c095cf3ba2a91cafb1d65c9a5c94aab1862fc0becdc358c575f16e63aaeb037ab9043830f5da
SSDEEP

1536:h5zXF8CvrJ4PBhDP35RaEHxjXq+66DFUABABOVLefE:vh8k6DP3baEHxj6+JB8M

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2440	1952	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2440	1952	NEAS.5831be25f74d50838f3a916361daf8d0.exe	28
PID 1952 wrote to memory of 2440	1952	NEAS.5831be25f74d50838f3a916361daf8d0.exe	28
PID 1952 wrote to memory of 2440	1952	NEAS.5831be25f74d50838f3a916361daf8d0.exe	28
PID 1952 wrote to memory of 2440	1952	NEAS.5831be25f74d50838f3a916361daf8d0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.5831be25f74d50838f3a916361daf8d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5831be25f74d50838f3a916361daf8d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 36
  2⤵
  - Program crash
  PID:2440

memory/1952-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download