ab7f93b129946c311d08f101414530ceafaa15365c06522264b29ac7e9512f28

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 19:17

Target

NEAS.dd38841a447bead5b8beabb267592510.exe
Size

5KB
MD5

dd38841a447bead5b8beabb267592510
SHA1

6b14e1db4af724dc90d4ac4f1b448534b08c27f1
SHA256

ab7f93b129946c311d08f101414530ceafaa15365c06522264b29ac7e9512f28
SHA512

f2e2a39da93258570e9f28be0db4d3fc1510ae05f24ae6a3159509e4e90bcd9eb3c521a16558f46b6149c49d897da0c32a23871a8bbc22006181fab09ba5e6d5
SSDEEP

48:6MjtHxWXZR/4plYRWhxeXzu6fvQJrONvTrg7GtGd9d/9orw2d03z:xtHwXZJ4plYRccjrfYJrO9Tr3aor

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2664	1720	NEAS.dd38841a447bead5b8beabb267592510.exe	29
PID 1720 wrote to memory of 2664	1720	NEAS.dd38841a447bead5b8beabb267592510.exe	29
PID 1720 wrote to memory of 2664	1720	NEAS.dd38841a447bead5b8beabb267592510.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.dd38841a447bead5b8beabb267592510.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.dd38841a447bead5b8beabb267592510.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231015T091756_106.exe
  2⤵
  PID:2664