6aea46b32385cdcef6a358f5f79e9ecfea9e5bbd6563141825fa3d5a38e0c689

Analysis

max time kernel
117s
max time network
132s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
18/11/2023, 07:13

Target

NEAS.d497dfbc1e46533fe440279ff9125e10.exe
Size

224KB
MD5

d497dfbc1e46533fe440279ff9125e10
SHA1

95892970204641eb8fd9a019df76a2c67272602c
SHA256

6aea46b32385cdcef6a358f5f79e9ecfea9e5bbd6563141825fa3d5a38e0c689
SHA512

fd4484ab5d443b005c3fb1457f8925e5aa415dcc2db7fec17fbfce7ebfb283123ea334d710e7ca7b49c724db42abd8628726786a3322e7f9332b4e40f5f027de
SSDEEP

1536:y/ZhdMwVIpz1T/XESLWhw5PboEymE6ffSHQesz:y/ZhdMwVIpz1T/XEDhw5Pc+E6HKQes

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2356	2912	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2356	2912	NEAS.d497dfbc1e46533fe440279ff9125e10.exe	28
PID 2912 wrote to memory of 2356	2912	NEAS.d497dfbc1e46533fe440279ff9125e10.exe	28
PID 2912 wrote to memory of 2356	2912	NEAS.d497dfbc1e46533fe440279ff9125e10.exe	28
PID 2912 wrote to memory of 2356	2912	NEAS.d497dfbc1e46533fe440279ff9125e10.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.d497dfbc1e46533fe440279ff9125e10.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d497dfbc1e46533fe440279ff9125e10.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 36
  2⤵
  - Program crash
  PID:2356