87570d78565fc90aaddbc46e84ab23ae3ba7d51f1531cf81837d2ef65be98faa

Analysis

max time kernel
137s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 18:02

Target

NEAS.08d68cb21d58d6384cb3e517c7b5b410.exe
Size

27KB
MD5

08d68cb21d58d6384cb3e517c7b5b410
SHA1

eec60060ed59e77d6c7c867d9a51c518ebf33c75
SHA256

87570d78565fc90aaddbc46e84ab23ae3ba7d51f1531cf81837d2ef65be98faa
SHA512

66c42058c619092e5b457c7951dba300827bb8a9af9ce0216977a0ac84cbf0dd261b8422637bb2e2ea56506dd20de28b0b9742ed282013431d5b98deb52fba14
SSDEEP

384:qtRlHQ1RCmz54/1lbjdGSExyr0lXjJoMryPWlw4Qi7DGnI5QybPp15HZ:0Y1j61ljdGSExTlzFy+lYi7J5QI3z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 1512	896	NEAS.08d68cb21d58d6384cb3e517c7b5b410.exe	83
PID 896 wrote to memory of 1512	896	NEAS.08d68cb21d58d6384cb3e517c7b5b410.exe	83
PID 896 wrote to memory of 1512	896	NEAS.08d68cb21d58d6384cb3e517c7b5b410.exe	83

C:\Users\Admin\AppData\Local\Temp\NEAS.08d68cb21d58d6384cb3e517c7b5b410.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.08d68cb21d58d6384cb3e517c7b5b410.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:896
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:1512

memory/896-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/896-4-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download