5038c69a42ffd81b01f8f2493587bfe26238793493c49a5a26ac416f44b5c6e5

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 23:45

Target

NEAS.de96b0b2dc9d0648917cf31addfc7b20.exe
Size

1.6MB
MD5

de96b0b2dc9d0648917cf31addfc7b20
SHA1

8ebd5a16f94d6141399a9c1defd2cc26aebfd89d
SHA256

5038c69a42ffd81b01f8f2493587bfe26238793493c49a5a26ac416f44b5c6e5
SHA512

557e39f0cd7a67a5afc5a67aae2b831a8c18f7f51c0bd4552a8e4dd432be3b94906a1487a2ecfb6747f46dc9583830abac86bc6582fa1347b02710ec8cc9478c
SSDEEP

24576:Nyf3Su4a/KnwYtDXl42hxt3q7lR3hVtTcKaBQ7SdBZpeUErEH7P:Nyf3L4aGweXl1h/C3Jc9BQ7SdPMY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2892	2392	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2892	2392	NEAS.de96b0b2dc9d0648917cf31addfc7b20.exe	28
PID 2392 wrote to memory of 2892	2392	NEAS.de96b0b2dc9d0648917cf31addfc7b20.exe	28
PID 2392 wrote to memory of 2892	2392	NEAS.de96b0b2dc9d0648917cf31addfc7b20.exe	28
PID 2392 wrote to memory of 2892	2392	NEAS.de96b0b2dc9d0648917cf31addfc7b20.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.de96b0b2dc9d0648917cf31addfc7b20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.de96b0b2dc9d0648917cf31addfc7b20.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 148
  2⤵
  - Program crash
  PID:2892

memory/2392-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download