e820b25adc576b9dda47144c0ec2b3cb954b1ebef6a4ad344340a6e5a5729387 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 19:16

Sharing

Report Analysis Logs

General

Target

NEAS.da6fa5ea8317532166a45c6d193fa000.exe
Size

5KB
MD5

da6fa5ea8317532166a45c6d193fa000
SHA1

37678b37686ef7672114d11370a368dc7dc73717
SHA256

e820b25adc576b9dda47144c0ec2b3cb954b1ebef6a4ad344340a6e5a5729387
SHA512

5662063df99c353e6465e8ba580ac43f21dd049921c2c25099262ab3fbd3f8fabd07124f80749ea12270d045f90a94d17c81abe2d681039312d9f34dcb91c488
SSDEEP

96:StH4XR6Zg/dweu1OexoOZbTrZN0gOorE:k4XEZEdwzRGO2gOor

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2668	2344	NEAS.da6fa5ea8317532166a45c6d193fa000.exe	30
PID 2344 wrote to memory of 2668	2344	NEAS.da6fa5ea8317532166a45c6d193fa000.exe	30
PID 2344 wrote to memory of 2668	2344	NEAS.da6fa5ea8317532166a45c6d193fa000.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.da6fa5ea8317532166a45c6d193fa000.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.da6fa5ea8317532166a45c6d193fa000.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231015T090532_974.exe
  2⤵
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads