93e072a7c2a858d66c2f45a2514c3bbabe78fe1eeeec20b44fe0090904e2175e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 18:41

Target

00d936ddd4b384e17cbe9d925b606a50_NEAS.exe
Size

144KB
MD5

00d936ddd4b384e17cbe9d925b606a50
SHA1

79d2cbfd635534dbea6459d4533611bdf3e463c5
SHA256

93e072a7c2a858d66c2f45a2514c3bbabe78fe1eeeec20b44fe0090904e2175e
SHA512

33baf26baaa1e954fbde547705989bbde6f9eefadee555d911cca8ea1d74ac57ce22d5eee599c42d74a295618a111f9d65c303fc77077c30b41130975b5fa7be
SSDEEP

3072:9YJDjvRtcY80G0Kp4DjPgvuJHXWdyi9F7P1diCkqv5trvVzthDHPO2+rxJguwFyw:9EvAY8a7PEdyi37ddPZv5fzjtZ/eh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2936	2352	00d936ddd4b384e17cbe9d925b606a50_NEAS.exe	28
PID 2352 wrote to memory of 2936	2352	00d936ddd4b384e17cbe9d925b606a50_NEAS.exe	28
PID 2352 wrote to memory of 2936	2352	00d936ddd4b384e17cbe9d925b606a50_NEAS.exe	28

C:\Users\Admin\AppData\Local\Temp\00d936ddd4b384e17cbe9d925b606a50_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\00d936ddd4b384e17cbe9d925b606a50_NEAS.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2352 -s 640
  2⤵
  PID:2936

memory/2352-0-0x000007FEF5C93000-0x000007FEF5C94000-memory.dmp

Filesize
4KB

Download
memory/2352-1-0x00000000010B0000-0x00000000010DA000-memory.dmp

Filesize
168KB

Download
memory/2352-2-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2352-3-0x000007FEF5C93000-0x000007FEF5C94000-memory.dmp

Filesize
4KB

Download
memory/2352-4-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download