147a4b89ff30830d1f07e85ee07198063a8cb6d4e49a8cc35fe817a00ba333eb

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:28

Target

NEAS.8ed681119d41fb11c9684998f4e93750.exe
Size

406KB
MD5

8ed681119d41fb11c9684998f4e93750
SHA1

dda559c7fc825cfd65a89dde96a8218a6e5f3c64
SHA256

147a4b89ff30830d1f07e85ee07198063a8cb6d4e49a8cc35fe817a00ba333eb
SHA512

8a480dda5333512ec6ad6259774d67b8f205de5ff1427005fa72211e5e5e56c6dc94d3de13c9d85ea29f6f40d11e3809fb3b26e7126c7eabd562e793bd475541
SSDEEP

6144:O0SGI49+xqqktnRbYZIdeUubN4/ZTrS1ksarH2DXyddXSJdokQdEgN25eB9yVZ+X:O07ggqkdRbV0NEVrSG2DXSXSJdoBTBo

Score

1^/10

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	NEAS.8ed681119d41fb11c9684998f4e93750.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	NEAS.8ed681119d41fb11c9684998f4e93750.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1420	NEAS.8ed681119d41fb11c9684998f4e93750.exe
1420	NEAS.8ed681119d41fb11c9684998f4e93750.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1420	NEAS.8ed681119d41fb11c9684998f4e93750.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1420	NEAS.8ed681119d41fb11c9684998f4e93750.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1420	NEAS.8ed681119d41fb11c9684998f4e93750.exe
1420	NEAS.8ed681119d41fb11c9684998f4e93750.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1420	2040	NEAS.8ed681119d41fb11c9684998f4e93750.exe	86
PID 2040 wrote to memory of 1420	2040	NEAS.8ed681119d41fb11c9684998f4e93750.exe	86
PID 2040 wrote to memory of 1420	2040	NEAS.8ed681119d41fb11c9684998f4e93750.exe	86

C:\Users\Admin\AppData\Local\Temp\NEAS.8ed681119d41fb11c9684998f4e93750.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8ed681119d41fb11c9684998f4e93750.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\NEAS.8ed681119d41fb11c9684998f4e93750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8ed681119d41fb11c9684998f4e93750.exe"
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1420

C:\Users\Admin\AppData\Local\Temp\~temp083950554.tmp

Filesize
12B

MD5
5d757f25ddfbf95fbdf679bf42b49c2a

SHA1
23c7d749415ef5c782fcf40892cc0342d647df5f

SHA256
abffbd48ba0f450ba8143919f22e3d1d9e39f7abf9a7abd76a8f236d366af32d

SHA512
b8fe952ef46f3a0fb8358e1167f21a9e56f9b4ce6bf3bf890c484f20e309c8acd3df1864d22d6538aa88f3b8bae8ab19344b3cad8672ff9bfed75ba51c80c21e

Download Submit
memory/1420-6-0x0000000000700000-0x0000000000800000-memory.dmp

Filesize
1024KB

Download
memory/1420-8-0x0000000000700000-0x0000000000800000-memory.dmp

Filesize
1024KB

Download
memory/1420-15-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/2040-0-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download
memory/2040-3-0x0000000000400000-0x0000000000528000-memory.dmp

Filesize
1.2MB

Download