22130abe682a2cf6189d7bbc4bb8b0233f64b008f5ef9c7c3c178907c67c9aa6

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 20:27

Target

NEAS.6fca0e55c5891d57474556d4eee062b0.exe
Size

5KB
MD5

6fca0e55c5891d57474556d4eee062b0
SHA1

125a4dfedf6cb69519b4429464a0acdfbd618a8a
SHA256

22130abe682a2cf6189d7bbc4bb8b0233f64b008f5ef9c7c3c178907c67c9aa6
SHA512

753dab16b7deb4929502cc1e3c47edc38a213c5bfd3ea651a3e50a5c44909b33121e5978a2bdb55fcfdea8961499294744b532c80a971f29c9aa57addfc18966
SSDEEP

48:6hbtHZWXhpWGwS+Aou9Jwzu6fvIvFONHTrg7vGdLdh9orwKpt:8tHIXhUGOC9JKrfgtOlTrayorTt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1552	2076	NEAS.6fca0e55c5891d57474556d4eee062b0.exe	30
PID 2076 wrote to memory of 1552	2076	NEAS.6fca0e55c5891d57474556d4eee062b0.exe	30
PID 2076 wrote to memory of 1552	2076	NEAS.6fca0e55c5891d57474556d4eee062b0.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.6fca0e55c5891d57474556d4eee062b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6fca0e55c5891d57474556d4eee062b0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231014T001600_140.exe
  2⤵
  PID:1552