4ac12ebd0e13c8cfa9e902b02796b7cf69318838387dedbd30c4ad244d1a5867

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
05/11/2023, 19:29

Target

NEAS.7491242fca6b2bce663ecb260725f420.exe
Size

1.0MB
MD5

7491242fca6b2bce663ecb260725f420
SHA1

517fc4040eff4e08915311a7dea9ef9c0f7ab9dc
SHA256

4ac12ebd0e13c8cfa9e902b02796b7cf69318838387dedbd30c4ad244d1a5867
SHA512

9cb7477b89db6e8b73173ffbf8b47570b6d5a2b3e85392a3453a6b8d04a2f01e7af9c536fd5142e980a351107b4a048701fdf312f5c957899764a1387febfe50
SSDEEP

12288:nrB5f2d0FwPenT2U7vqxIdU7TYnrL9dpxf2xhguuSVKELgBctblp26T:fudowPenT2U7vqULnrLBFw1MBctn2

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1740 set thread context of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2800	2456	WerFault.exe	28

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 1740 wrote to memory of 2456	1740	NEAS.7491242fca6b2bce663ecb260725f420.exe	28
PID 2456 wrote to memory of 2800	2456	AppLaunch.exe	29
PID 2456 wrote to memory of 2800	2456	AppLaunch.exe	29
PID 2456 wrote to memory of 2800	2456	AppLaunch.exe	29
PID 2456 wrote to memory of 2800	2456	AppLaunch.exe	29
PID 2456 wrote to memory of 2800	2456	AppLaunch.exe	29
PID 2456 wrote to memory of 2800	2456	AppLaunch.exe	29
PID 2456 wrote to memory of 2800	2456	AppLaunch.exe	29

memory/2456-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2456-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2456-2-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2456-3-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2456-4-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2456-5-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2456-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2456-7-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2456-9-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2456-11-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download