f4dc3ff1951069797df532976b0d637f82b80fdda1f4892d1f96ca98b3870166

Analysis

max time kernel
131s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 20:17

Target

NEAS.eb5b8833b87d49956737729357ad1760.exe
Size

578KB
MD5

eb5b8833b87d49956737729357ad1760
SHA1

3c1c33e3c53112590bc3e12adc84d9271dd371ee
SHA256

f4dc3ff1951069797df532976b0d637f82b80fdda1f4892d1f96ca98b3870166
SHA512

64306a201bce5105a809a999d5efe3eb0f78fdff4c3f5c0e862bff4d79c058811bacb5b50556f35013bbcc64d881f483c67d5405c9c8d7b19c5093834ebdcada
SSDEEP

12288:IjiMo7us39MQ4UWw4IS40caXNdFI1F9zig4miTEPBA3:IjiMkuEozwNTug9z14mRBo

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1016	ogxfukiotninu.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\hyxvofp\ogxfukiotninu.exe	NEAS.eb5b8833b87d49956737729357ad1760.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 1016	1448	NEAS.eb5b8833b87d49956737729357ad1760.exe	87
PID 1448 wrote to memory of 1016	1448	NEAS.eb5b8833b87d49956737729357ad1760.exe	87
PID 1448 wrote to memory of 1016	1448	NEAS.eb5b8833b87d49956737729357ad1760.exe	87

C:\Users\Admin\AppData\Local\Temp\NEAS.eb5b8833b87d49956737729357ad1760.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.eb5b8833b87d49956737729357ad1760.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files (x86)\hyxvofp\ogxfukiotninu.exe
  "C:\Program Files (x86)\hyxvofp\ogxfukiotninu.exe"
  2⤵
  - Executes dropped EXE
  PID:1016

C:\Program Files (x86)\hyxvofp\ogxfukiotninu.exe

Filesize
593KB

MD5
b487d44412daa63b64922a2deef5d7a5

SHA1
1caf825fcb10b2f1274522f96b6bf12dd86eb9c0

SHA256
5818384ef72c230aee07dee0744f48772500354e4d9a0ced05c76d7bf5aaa2eb

SHA512
4a4ccbf7e18480ff586b8196a4d7ba5f72703c9b4edcabb3ed5323dc4f15376b1f06e41e53ac81161a93300204e55e7c30fca79496eb90eeb4e98d9a43b8e903

Download Submit
C:\Program Files (x86)\hyxvofp\ogxfukiotninu.exe

Filesize
593KB

MD5
b487d44412daa63b64922a2deef5d7a5

SHA1
1caf825fcb10b2f1274522f96b6bf12dd86eb9c0

SHA256
5818384ef72c230aee07dee0744f48772500354e4d9a0ced05c76d7bf5aaa2eb

SHA512
4a4ccbf7e18480ff586b8196a4d7ba5f72703c9b4edcabb3ed5323dc4f15376b1f06e41e53ac81161a93300204e55e7c30fca79496eb90eeb4e98d9a43b8e903

Download Submit
memory/1016-9-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1016-11-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1016-12-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1448-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1448-1-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1448-2-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1448-3-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1448-5-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download