6634d74ee61444d16721930f7840bf0ea9a12b854a2aeaaf4a72160cda882175

Analysis

max time kernel
137s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 20:16

Target

NEAS.dd23c7d2b2d5c136f673a3ecaddec1e0.exe
Size

79KB
MD5

dd23c7d2b2d5c136f673a3ecaddec1e0
SHA1

db199f5a63be6876e1fcffcc1456ccae1baa6be5
SHA256

6634d74ee61444d16721930f7840bf0ea9a12b854a2aeaaf4a72160cda882175
SHA512

7ec3a406d4a81eba7ab56845e1e9f898e56bbb269244e6df3f535747cf5c9e9de407748687ca11f64d3f163adda1ec603b817d45108aff0cc6226e658b35ff1e
SSDEEP

1536:zvwy82XcW1+Qfo29Z0wbOQA8AkqUhMb2nuy5wgIP0CSJ+5y/B8GMGlZ5G:zvr88cW1+Io/wKGdqU7uy5w9WMy/N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1416	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 3168	3528	NEAS.dd23c7d2b2d5c136f673a3ecaddec1e0.exe	87
PID 3528 wrote to memory of 3168	3528	NEAS.dd23c7d2b2d5c136f673a3ecaddec1e0.exe	87
PID 3528 wrote to memory of 3168	3528	NEAS.dd23c7d2b2d5c136f673a3ecaddec1e0.exe	87
PID 3168 wrote to memory of 1416	3168	cmd.exe	89
PID 3168 wrote to memory of 1416	3168	cmd.exe	89
PID 3168 wrote to memory of 1416	3168	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\NEAS.dd23c7d2b2d5c136f673a3ecaddec1e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.dd23c7d2b2d5c136f673a3ecaddec1e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3168
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1416

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a47d7b3a91e302c5213416198700ac55

SHA1
67178ca50624992d69e9c7e16a178eb436f173d5

SHA256
d4a42076efa135b71469929b864d5d888796e9af966b1fc882f0c2f0ad34e1ce

SHA512
e653f7526573df73bf737f62a39d3203ee7880e718d93ca5ac32a6ffd928525e24b98450d1088d8b0312a8c6c7c024c7a1c00775ff0027b3e250828c9a5ef81d

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a47d7b3a91e302c5213416198700ac55

SHA1
67178ca50624992d69e9c7e16a178eb436f173d5

SHA256
d4a42076efa135b71469929b864d5d888796e9af966b1fc882f0c2f0ad34e1ce

SHA512
e653f7526573df73bf737f62a39d3203ee7880e718d93ca5ac32a6ffd928525e24b98450d1088d8b0312a8c6c7c024c7a1c00775ff0027b3e250828c9a5ef81d

Download Submit
memory/1416-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3528-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download