1ad8863fec07e2f7bf2734b9279714e2b4fb51bb78e3f7628b68556df8094928

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 08:20

Target

NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe
Size

408KB
MD5

e80afbea3c7427d36802ed24bea3f8b0
SHA1

f5a6680435fade408241fd3096c98e3a3af1b425
SHA256

1ad8863fec07e2f7bf2734b9279714e2b4fb51bb78e3f7628b68556df8094928
SHA512

5540e0f69109dfe34c3be4aa1960bfff0397cb0e63bfffd4bc550ea5c0828c9288a202f988ac2782d6988d1c07b160b5827addb9b63aaad42a52cb20fe5bf8a8
SSDEEP

12288:zGe7meZlHU0Xoyb0/U+O1dB7Ua09HVhzYf:zWeLHpXom08+YdB7U5HjYf

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1544 set thread context of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29
PID 1544 wrote to memory of 2708	1544	NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e80afbea3c7427d36802ed24bea3f8b0.exe"
  2⤵
  PID:2708

memory/2708-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-4-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-6-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2708-2-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-10-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-12-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-13-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-20-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-18-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2708-16-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2708-14-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2708-23-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2708-22-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download