77dbc6aac385a696da7c85c9d41f0e89b4baa54b0b3c086f478df77b46006359

Analysis

max time kernel
139s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2023 18:33

Target

NEAS.b1e85e73b6fc1754f882e6b586f78ca0.exe
Size

4.2MB
MD5

b1e85e73b6fc1754f882e6b586f78ca0
SHA1

4fe6207a03627d583d14254500d48a36561f2ff7
SHA256

77dbc6aac385a696da7c85c9d41f0e89b4baa54b0b3c086f478df77b46006359
SHA512

d5f74320c38be588b2ca622f390499737757cfd000987b67f9ee8d691251624a94deb985506fe12e8a1ed236af757a017cdc3d38bcedcf6118b412b613af93c5
SSDEEP

98304:/KeyRGebdCpy5atuKLXZYc6ePj+b4SrNEj5Jjk40EwMK42Z/F:SHYPy5alLXec6ePjX1Jn1q/F

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
700	krlqpzvoc.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\vkbcslwidp\krlqpzvoc.exe	NEAS.b1e85e73b6fc1754f882e6b586f78ca0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 700	1564	NEAS.b1e85e73b6fc1754f882e6b586f78ca0.exe	82
PID 1564 wrote to memory of 700	1564	NEAS.b1e85e73b6fc1754f882e6b586f78ca0.exe	82
PID 1564 wrote to memory of 700	1564	NEAS.b1e85e73b6fc1754f882e6b586f78ca0.exe	82

C:\Users\Admin\AppData\Local\Temp\NEAS.b1e85e73b6fc1754f882e6b586f78ca0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b1e85e73b6fc1754f882e6b586f78ca0.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\vkbcslwidp\krlqpzvoc.exe
  "C:\Program Files (x86)\vkbcslwidp\krlqpzvoc.exe"
  2⤵
  - Executes dropped EXE
  PID:700

C:\Program Files (x86)\vkbcslwidp\krlqpzvoc.exe

Filesize
4.2MB

MD5
8d796a4336370f36f9871d8ebe710022

SHA1
63fecbe4961649c687e762f5e5c88118700da785

SHA256
8d0a5f0c1ddd07b4ad8a325aae5ed7defedf2e68c5bd008e1d0d24a6e037b459

SHA512
b6d0eb045850a47b76898c490582690005b16083c5b83cb0cf8db259728e4d3515af74a3afde8faab160029c3a9c169d9426dfc87ccb191fc23b42ff7b31ffba

Download Submit
C:\Program Files (x86)\vkbcslwidp\krlqpzvoc.exe

Filesize
4.2MB

MD5
8d796a4336370f36f9871d8ebe710022

SHA1
63fecbe4961649c687e762f5e5c88118700da785

SHA256
8d0a5f0c1ddd07b4ad8a325aae5ed7defedf2e68c5bd008e1d0d24a6e037b459

SHA512
b6d0eb045850a47b76898c490582690005b16083c5b83cb0cf8db259728e4d3515af74a3afde8faab160029c3a9c169d9426dfc87ccb191fc23b42ff7b31ffba

Download Submit
memory/700-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/700-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1564-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1564-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1564-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download