b8a80dc71ffd2e46295be5a878eeaa58c4641cb6a687b6b9c707cc1e1ca90b43

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22-10-2023 16:46

Target

NEAS.0ab21132e2eee9c36d3b974d1248a540.exe
Size

929KB
MD5

0ab21132e2eee9c36d3b974d1248a540
SHA1

62de7f4d6eb3a1a805d2a298133615a5d466d6ca
SHA256

b8a80dc71ffd2e46295be5a878eeaa58c4641cb6a687b6b9c707cc1e1ca90b43
SHA512

de1c91f2bdf38ccfb1f11205f31fc949f385196b66844f287131319645e5172df785b9bfb05cb1b73c15fca3f5aa7b20b9c492b126a046ec20810f7051301d16
SSDEEP

24576:l4XKqa8SEiGURj37AocOLuYDNqO9nQ1NI:l46qaa9URj3cocOLpDNMfI

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3000	alwbqequiv.exe

Loads dropped DLL 1 IoCs

pid	Process
2364	NEAS.0ab21132e2eee9c36d3b974d1248a540.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\sfzmiodhjo\alwbqequiv.exe	NEAS.0ab21132e2eee9c36d3b974d1248a540.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 3000	2364	NEAS.0ab21132e2eee9c36d3b974d1248a540.exe	28
PID 2364 wrote to memory of 3000	2364	NEAS.0ab21132e2eee9c36d3b974d1248a540.exe	28
PID 2364 wrote to memory of 3000	2364	NEAS.0ab21132e2eee9c36d3b974d1248a540.exe	28
PID 2364 wrote to memory of 3000	2364	NEAS.0ab21132e2eee9c36d3b974d1248a540.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.0ab21132e2eee9c36d3b974d1248a540.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0ab21132e2eee9c36d3b974d1248a540.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\sfzmiodhjo\alwbqequiv.exe
  "C:\Program Files (x86)\sfzmiodhjo\alwbqequiv.exe"
  2⤵
  - Executes dropped EXE
  PID:3000

C:\Program Files (x86)\sfzmiodhjo\alwbqequiv.exe

Filesize
943KB

MD5
bbb044a268875b6185f01d3ceadfa71c

SHA1
e0048d50d77669d2fc81f1a38142909b926c11a0

SHA256
7a9bb561a0f1007ed568a07227dbc525e7862b0ecc017a122e8796cfa49ec247

SHA512
ae6fa84d757fbeaed14b2ba2f8823cc761bbc2dda0b6838b4acde1a7afb71354bcca9297d609570bc6382483ee7b1f9b08f9a83baaccb07516fc77972ef352ab

Download Submit
\Program Files (x86)\sfzmiodhjo\alwbqequiv.exe

Filesize
943KB

MD5
bbb044a268875b6185f01d3ceadfa71c

SHA1
e0048d50d77669d2fc81f1a38142909b926c11a0

SHA256
7a9bb561a0f1007ed568a07227dbc525e7862b0ecc017a122e8796cfa49ec247

SHA512
ae6fa84d757fbeaed14b2ba2f8823cc761bbc2dda0b6838b4acde1a7afb71354bcca9297d609570bc6382483ee7b1f9b08f9a83baaccb07516fc77972ef352ab

Download Submit
memory/2364-0-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2364-1-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2364-7-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2364-5-0x00000000004A0000-0x0000000000537000-memory.dmp

Filesize
604KB

Download
memory/3000-10-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3000-11-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download