6512a97dfc169ed2b8597e06261ad1e0ea947a86bba4579b9c285b0a4cb79b28 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.bf132a47120129acff34b8c989d1f930.exe
Size

5KB
MD5

bf132a47120129acff34b8c989d1f930
SHA1

52fececfd01315374d852573c72ceec98706d54c
SHA256

6512a97dfc169ed2b8597e06261ad1e0ea947a86bba4579b9c285b0a4cb79b28
SHA512

13cf74a4f97e86e7dc7a2fd14338f3042d38718b1d310ce59133d245745658013b43bed50086322d25e8709d7ea37cb03646e3c5924c2300c8789df5b4cef186
SSDEEP

96:ktHvdXbnGIxCtUUcLfLnOmnddoTrs7F30eor:2vdXKsUunOmbdor

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2192	2324	NEAS.bf132a47120129acff34b8c989d1f930.exe	29
PID 2324 wrote to memory of 2192	2324	NEAS.bf132a47120129acff34b8c989d1f930.exe	29
PID 2324 wrote to memory of 2192	2324	NEAS.bf132a47120129acff34b8c989d1f930.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.bf132a47120129acff34b8c989d1f930.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bf132a47120129acff34b8c989d1f930.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231014T042737_388.exe
  2⤵
  PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads