7f66ff3584b1ba8000dbd5d48a75b979ea5307ad01571709aa84dfc917651ec0

Analysis

max time kernel
119s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:19

Target

NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe
Size

189KB
MD5

517817eb5eedaa18bdec769e7ce1fdf0
SHA1

53de132964d2753cbb2a0b5d9f60893319b203f2
SHA256

7f66ff3584b1ba8000dbd5d48a75b979ea5307ad01571709aa84dfc917651ec0
SHA512

96845de4ab8cb5ceae2f4b3fc006b7c3c3a433b4cbcf1beac5bd2bf23b5fdedb37cfb7398aba25044a05f68e2db99763b62ba0e0da7b0335f79f49182479e5f3
SSDEEP

3072:j/Aq24TVSzXHj+iImrB+KltKQo+PHWHvrEpzibBJieVGEKB3zIJ6Dps:jZ24TVSLDQsEKeQr2HvryzkUeVGJc0K

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4064 set thread context of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87
PID 4064 wrote to memory of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87
PID 4064 wrote to memory of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87
PID 4064 wrote to memory of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87
PID 4064 wrote to memory of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87
PID 4064 wrote to memory of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87
PID 4064 wrote to memory of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87
PID 4064 wrote to memory of 3536	4064	NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe	87

C:\Users\Admin\AppData\Local\Temp\NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.517817eb5eedaa18bdec769e7ce1fdf0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4064
- \??\c:\users\admin\appdata\local\temp\neas.517817eb5eedaa18bdec769e7ce1fdf0.exe
  "c:\users\admin\appdata\local\temp\neas.517817eb5eedaa18bdec769e7ce1fdf0.exe"
  2⤵
  PID:3536

memory/3536-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3536-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3536-3-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3536-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download