208e8151c8734a3ddaddef805a47e497edebee27d357e7e0e42ddb967282ae14

Analysis

max time kernel
140s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:27

Target

NEAS.6da9475299a9258f56ad579d5403e350.exe
Size

78KB
MD5

6da9475299a9258f56ad579d5403e350
SHA1

c81b533e4e1e7a53f7422fb44ccd2266a84e8bd9
SHA256

208e8151c8734a3ddaddef805a47e497edebee27d357e7e0e42ddb967282ae14
SHA512

21c4f3eb83dd850251775d1a8b5b2528cbbc9c0a8f56506dbafab43be8acc6cf385aea046f27a4cec6e58256e254e3fa063eb4508637ace11dea3ad1e9274976
SSDEEP

1536:BIsjIFHRoHSeBi4JdGpgGhj+paZOfjS65Xk1:udpRoPE47G2GlhOfjX5Xk1

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 652 set thread context of 4964	652	NEAS.6da9475299a9258f56ad579d5403e350.exe	89

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 4964	652	NEAS.6da9475299a9258f56ad579d5403e350.exe	89
PID 652 wrote to memory of 4964	652	NEAS.6da9475299a9258f56ad579d5403e350.exe	89
PID 652 wrote to memory of 4964	652	NEAS.6da9475299a9258f56ad579d5403e350.exe	89
PID 652 wrote to memory of 4964	652	NEAS.6da9475299a9258f56ad579d5403e350.exe	89
PID 652 wrote to memory of 4964	652	NEAS.6da9475299a9258f56ad579d5403e350.exe	89
PID 652 wrote to memory of 4964	652	NEAS.6da9475299a9258f56ad579d5403e350.exe	89
PID 4964 wrote to memory of 3200	4964	NEAS.6da9475299a9258f56ad579d5403e350.exe	58
PID 4964 wrote to memory of 3200	4964	NEAS.6da9475299a9258f56ad579d5403e350.exe	58
PID 4964 wrote to memory of 3200	4964	NEAS.6da9475299a9258f56ad579d5403e350.exe	58
PID 4964 wrote to memory of 3200	4964	NEAS.6da9475299a9258f56ad579d5403e350.exe	58

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 652 -ip 652
1⤵
PID:3188

memory/3200-8-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3200-9-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/4964-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4964-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4964-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4964-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4964-6-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4964-14-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download