5fd2e6b63b2bce26b1338bfdaee1013e4ccebd104503f2eb741ab46b38d4ce00

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 21:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b565eb513f75a5586ddf400253eadf30.exe
Size

2.2MB
MD5

b565eb513f75a5586ddf400253eadf30
SHA1

1361966c3a8a0fd79120a83683a11b0dd9b04d12
SHA256

5fd2e6b63b2bce26b1338bfdaee1013e4ccebd104503f2eb741ab46b38d4ce00
SHA512

d6caa7bbac3c877f476b79281c4a1f5c3d12fcafabfbcc4c065e61e66d808aabaaa9e2daf79132566213d956d7cfc3a6b0dcc1633ff5c3aec1cd6f26ef1e0534
SSDEEP

49152:8w/8aOjSVbJjviqPMbYgQC7OdK6Sg6ArdOjyBUfHOsm/6t7wGU4TZ:P/8aOjSfjviqPMUo7xwr+DfOsGM79P9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2736	NEAS.b565eb513f75a5586ddf400253eadf30.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2736	2364	NEAS.b565eb513f75a5586ddf400253eadf30.exe	87
PID 2364 wrote to memory of 2736	2364	NEAS.b565eb513f75a5586ddf400253eadf30.exe	87
PID 2364 wrote to memory of 2736	2364	NEAS.b565eb513f75a5586ddf400253eadf30.exe	87

C:\Users\Admin\AppData\Local\Temp\NEAS.b565eb513f75a5586ddf400253eadf30.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b565eb513f75a5586ddf400253eadf30.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\is-2H4B9.tmp\NEAS.b565eb513f75a5586ddf400253eadf30.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2H4B9.tmp\NEAS.b565eb513f75a5586ddf400253eadf30.tmp" /SL5="$6011E,2012809,56832,C:\Users\Admin\AppData\Local\Temp\NEAS.b565eb513f75a5586ddf400253eadf30.exe"
  2⤵
  - Executes dropped EXE
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2H4B9.tmp\NEAS.b565eb513f75a5586ddf400253eadf30.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2H4B9.tmp\NEAS.b565eb513f75a5586ddf400253eadf30.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
memory/2364-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2364-3-0x00000000022E0000-0x000000000248F000-memory.dmp

Filesize
1.7MB

Download
memory/2364-4-0x0000000002490000-0x000000000263E000-memory.dmp

Filesize
1.7MB

Download
memory/2364-5-0x0000000002640000-0x00000000027F3000-memory.dmp

Filesize
1.7MB

Download
memory/2364-20-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2736-15-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/2736-21-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2736-22-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads