ba15d38abec4911ee029dd02847ee89e8e0a42ea7f7aa9b18230b9463133a8fd

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
08/09/2022, 14:58

Target

NS2.exe
Size

125KB
MD5

597de376b1f80c06d501415dd973dcec
SHA1

629c9649ced38fd815124221b80c9d9c59a85e74
SHA256

f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
SHA512

072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b
SSDEEP

1536:Vc4Kvp6PWy/6oU2cpzLWJst+cYsu0TXSkdlgNPldqxFktvVg49jvvck1y40sWjcu:Vc3GJQ56et+cT7SoeNdqbMfN7TId

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 884	1196	NS2.exe	28
PID 1196 wrote to memory of 884	1196	NS2.exe	28
PID 1196 wrote to memory of 884	1196	NS2.exe	28
PID 1196 wrote to memory of 884	1196	NS2.exe	28

C:\Users\Admin\AppData\Local\Temp\NS2.exe
"C:\Users\Admin\AppData\Local\Temp\NS2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:884