226e87bdb9220f52230483099d41414c397daa29e9d5c0a4381fd08e254dc7a8

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 00:12

Target

NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe
Size

1.1MB
MD5

75da6747c4dc7404bd1e51cad50a8860
SHA1

7f3d1788068a90696538a7d4a692b1d2db6b1e9f
SHA256

226e87bdb9220f52230483099d41414c397daa29e9d5c0a4381fd08e254dc7a8
SHA512

a3fcc58b1af247ba9e14fe11b1e6f561e429e9b2e0e3dcb90f1f65318fa514d804a1fb1e9fc6a91ec182a087eb87b4e16f69e3e6075f0ce510bfb81215b41f6a
SSDEEP

12288:GJx7tfjOD77CT4Vt711OM4+HtrXufEGCEJ8xVWanynmxuy3NBYGl1IGeq0hFDNJ:2jOD77CT4Vt711Y8refEGMrpnGq

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4664 set thread context of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91
PID 4664 wrote to memory of 1388	4664	NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe	91

C:\Users\Admin\AppData\Local\Temp\NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.75da6747c4dc7404bd1e51cad50a8860_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1388

memory/1388-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1388-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1388-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1388-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1388-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download