aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99

Analysis

max time kernel
139s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2023 17:51

Target

NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe
Size

683KB
MD5

eb2f1c5332b3cb16fc91e1ab0595676f
SHA1

76aa675919f347ab0badeec1d90c50e466e07cf1
SHA256

aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99
SHA512

c1eefe78d72a6eee5dfef48fa10c0df2a2f517f739916309cd3f3fae796e04cd65ed926034a59811136a9e514447d18cc6b051c100df99dd79f6ce977709bb9b
SSDEEP

12288:Jo7s9MwIr7Gs2Uqhi6MlSyqAao6ssub3BCjYj6/Ug00DR:Jo7s9M9rkJnM08aJubgR00V

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2540 set thread context of 3504	2540	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe	84

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3504	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe
3504	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 3504	2540	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe	84
PID 2540 wrote to memory of 3504	2540	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe	84
PID 2540 wrote to memory of 3504	2540	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe	84
PID 2540 wrote to memory of 3504	2540	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe	84
PID 2540 wrote to memory of 3504	2540	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe	84
PID 2540 wrote to memory of 3504	2540	NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe	84

C:\Users\Admin\AppData\Local\Temp\NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aded7c29741570f0d9241a72860ffec5c5cc37271ff3957fe857201511573e99exe_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504

memory/2540-8-0x0000000005760000-0x0000000005770000-memory.dmp

Filesize
64KB

Download
memory/2540-6-0x0000000005630000-0x000000000563A000-memory.dmp

Filesize
40KB

Download
memory/2540-2-0x0000000005BC0000-0x0000000006164000-memory.dmp

Filesize
5.6MB

Download
memory/2540-3-0x0000000005460000-0x00000000054F2000-memory.dmp

Filesize
584KB

Download
memory/2540-0-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download
memory/2540-5-0x0000000005760000-0x0000000005770000-memory.dmp

Filesize
64KB

Download
memory/2540-1-0x00000000009F0000-0x0000000000AA0000-memory.dmp

Filesize
704KB

Download
memory/2540-7-0x0000000005700000-0x0000000005718000-memory.dmp

Filesize
96KB

Download
memory/2540-4-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download
memory/2540-9-0x0000000000B50000-0x0000000000B60000-memory.dmp

Filesize
64KB

Download
memory/2540-10-0x0000000007FD0000-0x000000000804A000-memory.dmp

Filesize
488KB

Download
memory/2540-11-0x000000000A680000-0x000000000A71C000-memory.dmp

Filesize
624KB

Download
memory/2540-14-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download
memory/3504-12-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3504-15-0x0000000000F70000-0x00000000012BA000-memory.dmp

Filesize
3.3MB

Download
memory/3504-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download