3fc333315bfcfdc60c337a4e53898d6816a64cab79e262737e33b1897dd7a825

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 17:51

Target

NEAS.38d570e8860eb255a4dd14396ab657c0.exe
Size

147KB
MD5

38d570e8860eb255a4dd14396ab657c0
SHA1

f3afbcd61aae06b40f2cf505a2eb4a9a2c7a2f87
SHA256

3fc333315bfcfdc60c337a4e53898d6816a64cab79e262737e33b1897dd7a825
SHA512

4ebee6fe030c72f1057d31d8c4c44a9be260b706cc3b018bfe60b8c32f891f08f8b3086199c4e52ec18a70b47e45033c18984d24dcdb5a1280c6b9bfed759a55
SSDEEP

3072:UlRkrFGVtA42mGZG+6o/ZuX5ZmXLC9gAAHal2jJJ:UsriA4eZ0m8Zxlij

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2124 set thread context of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28
PID 2124 wrote to memory of 284	2124	NEAS.38d570e8860eb255a4dd14396ab657c0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.38d570e8860eb255a4dd14396ab657c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.38d570e8860eb255a4dd14396ab657c0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\NEAS.38d570e8860eb255a4dd14396ab657c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.38d570e8860eb255a4dd14396ab657c0.exe"
  2⤵
  PID:284

memory/284-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/284-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/284-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/284-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/284-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/284-10-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/284-12-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/284-13-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/284-14-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download