6c19e8df420532ebb6f1aca674f2d1f34001fad214a1944e504a22741ac367d2

Analysis

max time kernel
139s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 21:24

Target

NEAS.7c005f49540cb905e50eae0fafb86cd0.exe
Size

5KB
MD5

7c005f49540cb905e50eae0fafb86cd0
SHA1

a1d7d32db8cab1e71245d0e767d8391d83857f15
SHA256

6c19e8df420532ebb6f1aca674f2d1f34001fad214a1944e504a22741ac367d2
SHA512

0946ca4b74faeebaf664d275f266d2ace96f0c40bbdcda3d27053ec08de83d248b49ea4d00aad612bfb7354d620b38d09a2f021167d1e1b735679db1de3b617b
SSDEEP

96:jtHFXoHZ+mPfnJcV1F+ruOJH99oTrVlzBJXor10:VFX0smnmz2uOJH99UJXor10

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 1140	3980	NEAS.7c005f49540cb905e50eae0fafb86cd0.exe	89
PID 3980 wrote to memory of 1140	3980	NEAS.7c005f49540cb905e50eae0fafb86cd0.exe	89

C:\Users\Admin\AppData\Local\Temp\NEAS.7c005f49540cb905e50eae0fafb86cd0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.7c005f49540cb905e50eae0fafb86cd0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231022T013147_182.exe
  2⤵
  PID:1140