3ccc7849787393f7c51e0c08aa5a14615803638ab86551148695d5acaac88bb3

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 07:39

Target

NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe
Size

639KB
MD5

31c89c9e066991e0d51554d2cfaf4f70
SHA1

e111ab6273ffe59db71c9283877e358d9ce7798b
SHA256

3ccc7849787393f7c51e0c08aa5a14615803638ab86551148695d5acaac88bb3
SHA512

4ff2fec0c6525d8d3416ca4661bfcf89889a7f0924a234131fde71543f65462697946323eb975bcfb44a21e56cf82cc1d7c609d71fe2edf6742add7f62d0633c
SSDEEP

12288:1TWGpn2xB01jNiG9S/etSLH8+D/YTrEviZ+r6W0:U4niW1jNiG9S/etf+grEaZ++W

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3228 set thread context of 3092	3228	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe	100

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3248	3092	WerFault.exe	100

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3092	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe
3092	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3228 wrote to memory of 3092	3228	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe	100
PID 3228 wrote to memory of 3092	3228	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe	100
PID 3228 wrote to memory of 3092	3228	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe	100
PID 3228 wrote to memory of 3092	3228	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe	100
PID 3228 wrote to memory of 3092	3228	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe	100
PID 3228 wrote to memory of 3092	3228	NEAS.31c89c9e066991e0d51554d2cfaf4f70.exe	100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3092 -ip 3092
1⤵
PID:4276

memory/3092-10-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3092-14-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3092-13-0x0000000001B90000-0x0000000001EDA000-memory.dmp

Filesize
3.3MB

Download
memory/3228-6-0x0000000005B10000-0x0000000005B1E000-memory.dmp

Filesize
56KB

Download
memory/3228-4-0x0000000005980000-0x0000000005990000-memory.dmp

Filesize
64KB

Download
memory/3228-5-0x00000000058D0000-0x00000000058DA000-memory.dmp

Filesize
40KB

Download
memory/3228-0-0x0000000000D80000-0x0000000000E26000-memory.dmp

Filesize
664KB

Download
memory/3228-7-0x0000000005CF0000-0x0000000005CFA000-memory.dmp

Filesize
40KB

Download
memory/3228-8-0x00000000070F0000-0x000000000716C000-memory.dmp

Filesize
496KB

Download
memory/3228-9-0x0000000009750000-0x00000000097EC000-memory.dmp

Filesize
624KB

Download
memory/3228-3-0x0000000005830000-0x00000000058C2000-memory.dmp

Filesize
584KB

Download
memory/3228-12-0x0000000074B00000-0x00000000752B0000-memory.dmp

Filesize
7.7MB

Download
memory/3228-2-0x0000000005D40000-0x00000000062E4000-memory.dmp

Filesize
5.6MB

Download
memory/3228-1-0x0000000074B00000-0x00000000752B0000-memory.dmp

Filesize
7.7MB

Download