70f37fce34f1917f8fb154efe7b1135777a8e2f80cee3604c81b2775686fef90

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 01:11

Target

NEAS.1d889faaaf66c492b2410f91e9db27c0.exe
Size

248KB
MD5

1d889faaaf66c492b2410f91e9db27c0
SHA1

84abd736c8819d20a178b2df49382e2afb4c6fa3
SHA256

70f37fce34f1917f8fb154efe7b1135777a8e2f80cee3604c81b2775686fef90
SHA512

93d156c683c28bf5d5d482325d8758f40758a4f74974f3a8b35885a27db36e084cb7a0636cd296a8886f89293e9c9b1864636f50e556e257347b7d47f81cd0fb
SSDEEP

6144:k0KuL9V087Q3OCkrVbJSKdLfre1NPEnjgcx1LVWvCtN:88UeCkrVbJSKdLjdr3LXr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	1052	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1052	NEAS.1d889faaaf66c492b2410f91e9db27c0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3032	1052	NEAS.1d889faaaf66c492b2410f91e9db27c0.exe	28
PID 1052 wrote to memory of 3032	1052	NEAS.1d889faaaf66c492b2410f91e9db27c0.exe	28
PID 1052 wrote to memory of 3032	1052	NEAS.1d889faaaf66c492b2410f91e9db27c0.exe	28
PID 1052 wrote to memory of 3032	1052	NEAS.1d889faaaf66c492b2410f91e9db27c0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.1d889faaaf66c492b2410f91e9db27c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1d889faaaf66c492b2410f91e9db27c0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 608
  2⤵
  - Program crash
  PID:3032

memory/1052-0-0x0000000001060000-0x00000000010B2000-memory.dmp

Filesize
328KB

Download
memory/1052-1-0x0000000074880000-0x0000000074F6E000-memory.dmp

Filesize
6.9MB

Download
memory/1052-2-0x0000000000DC0000-0x0000000000E00000-memory.dmp

Filesize
256KB

Download
memory/1052-3-0x0000000074880000-0x0000000074F6E000-memory.dmp

Filesize
6.9MB

Download
memory/1052-4-0x0000000000DC0000-0x0000000000E00000-memory.dmp

Filesize
256KB

Download