b434ece8912cdeb82085b94d2f77d7b1315b31c81c562a15765b3356810784e7

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 17:57

Target

NEAS.6abb77467e5584961bd7e25f62421a70.exe
Size

194KB
MD5

6abb77467e5584961bd7e25f62421a70
SHA1

a07469664941a10a2c45e983522e75c07d12271c
SHA256

b434ece8912cdeb82085b94d2f77d7b1315b31c81c562a15765b3356810784e7
SHA512

312d03b112168f659bf45a60ddd0f11a2894ef1a4061f88c804cae17a9e6a48db1f69bf198528cb402ecf061991fac2709b858b7017ee8795bb03b9c728d5d8f
SSDEEP

3072:HW+9XxZnkipYxBQrxmhwoZhHJ+OY6LTtqeDDDnWmgwSjBkNmPCS/o9:HzXzkvHQIm2sGLxDmnjBkuCSO

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2840 set thread context of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91
PID 2840 wrote to memory of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91
PID 2840 wrote to memory of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91
PID 2840 wrote to memory of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91
PID 2840 wrote to memory of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91
PID 2840 wrote to memory of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91
PID 2840 wrote to memory of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91
PID 2840 wrote to memory of 1184	2840	NEAS.6abb77467e5584961bd7e25f62421a70.exe	91

C:\Users\Admin\AppData\Local\Temp\NEAS.6abb77467e5584961bd7e25f62421a70.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6abb77467e5584961bd7e25f62421a70.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Users\Admin\AppData\Local\Temp\NEAS.6abb77467e5584961bd7e25f62421a70.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.6abb77467e5584961bd7e25f62421a70.exe
  2⤵
  PID:1184

memory/1184-1-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1184-3-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1184-4-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1184-5-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2840-0-0x00000000023C0000-0x00000000023C4000-memory.dmp

Filesize
16KB

Download