6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96

Analysis

max time kernel
119s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
17-10-2023 17:20

Target

NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe
Size

413KB
MD5

a1d640a8696f12bda8457ef6dd4a97cb
SHA1

8eeb3056f47f309ad4406674f697e6ce9218b5af
SHA256

6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96
SHA512

3257662605cdf00e64d6d1d0dedf9b9b7678805d0bfa5a20a5971a333437757f4b629c78df29bf0f25f486031eed9f703736cdf4393e2462f44c97c2b320458e
SSDEEP

6144:Jf8zGBIKD2SJMzodRpUZNFvzsB8TPCUnEi38UIRZdk6ceh9X3P9lRc:N8zGfD2S+j5sB8uU21k6ceXm

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe

description	pid	process	target process
PID 2252 wrote to memory of 1756	2252	NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe	NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe
PID 2252 wrote to memory of 1756	2252	NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe	NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe
PID 2252 wrote to memory of 1756	2252	NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe	NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe
PID 2252 wrote to memory of 1756	2252	NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe	NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252

C:\Users\Admin\AppData\Local\Temp\NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.NEAS6cf693bad16af8a716014d5dbf978dcfad1d39c3e079ac383c4bd0870d583c96exeexe_JC.exe
2⤵
PID:1756

memory/2252-0-0x0000000000AF0000-0x0000000000B5C000-memory.dmp

Filesize
432KB

Download
memory/2252-1-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download
memory/2252-2-0x0000000000AA0000-0x0000000000AF4000-memory.dmp

Filesize
336KB

Download
memory/2252-3-0x0000000004700000-0x0000000004740000-memory.dmp

Filesize
256KB

Download
memory/2252-4-0x0000000000520000-0x000000000052A000-memory.dmp

Filesize
40KB

Download
memory/2252-5-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download