8cdc6bdc96ebc4d8d96274fc3392f616552bc34238eb29ddb47fc894f5f35853

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 08:59

Target

NEAS.df60aa32eb1ed986af6fc22dc078a4f0.exe
Size

26KB
MD5

df60aa32eb1ed986af6fc22dc078a4f0
SHA1

0def1d184cecba6ff781b9831fc649088e1abff2
SHA256

8cdc6bdc96ebc4d8d96274fc3392f616552bc34238eb29ddb47fc894f5f35853
SHA512

903da96e7ec45aeb9022b967f5a2e75b6ed16f6958bb31cc19fc968897394dd4173f54af6f480835a71abf1c2b355072c9b143b2ac06e19996cd8a95bb5d46f0
SSDEEP

384:FgnNKEzacWL1PRT4J2iw31lKWxyTXbzMD/ajNeSQy7kQ81DHv:FWY93L154J0Q2OEywSQwk7j

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2508 set thread context of 1628	2508	NEAS.df60aa32eb1ed986af6fc22dc078a4f0.exe	86

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1384	1628	WerFault.exe	86

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1628	2508	NEAS.df60aa32eb1ed986af6fc22dc078a4f0.exe	86
PID 2508 wrote to memory of 1628	2508	NEAS.df60aa32eb1ed986af6fc22dc078a4f0.exe	86
PID 2508 wrote to memory of 1628	2508	NEAS.df60aa32eb1ed986af6fc22dc078a4f0.exe	86
PID 2508 wrote to memory of 1628	2508	NEAS.df60aa32eb1ed986af6fc22dc078a4f0.exe	86
PID 2508 wrote to memory of 1628	2508	NEAS.df60aa32eb1ed986af6fc22dc078a4f0.exe	86

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1628 -ip 1628
1⤵
PID:4700

memory/1628-1-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2508-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2508-5-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download