e6781cf12a18ccfc8df1c2f7e22b69fc1c827df6eabdbf6b51b6e5f5f7bccdc2

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
31-10-2023 08:59

Target

NEAS.e21d24ef2f1f4f30694143746ae3cb90.exe
Size

332KB
MD5

e21d24ef2f1f4f30694143746ae3cb90
SHA1

301b05c4a4de626d498066cd9f717d5cb6e20329
SHA256

e6781cf12a18ccfc8df1c2f7e22b69fc1c827df6eabdbf6b51b6e5f5f7bccdc2
SHA512

eb5fdae7f78db18a94445f97d0af49c8c19c074c7aeb95b63df379cb8513a2894838cc0f5731e62a3447ba8098dfd3c70a068a20198542fb6dac3d5e0ca927ad
SSDEEP

6144:DmSHm8gnhTB0FbhqTALE0L+pz/TK6pBH3DH3B37TJ1QUCQh:DBG8ghTaFbkTW+11zTx3R1QUJ

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2636	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2636	2124	NEAS.e21d24ef2f1f4f30694143746ae3cb90.exe	28
PID 2124 wrote to memory of 2636	2124	NEAS.e21d24ef2f1f4f30694143746ae3cb90.exe	28
PID 2124 wrote to memory of 2636	2124	NEAS.e21d24ef2f1f4f30694143746ae3cb90.exe	28
PID 2124 wrote to memory of 2636	2124	NEAS.e21d24ef2f1f4f30694143746ae3cb90.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.e21d24ef2f1f4f30694143746ae3cb90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.e21d24ef2f1f4f30694143746ae3cb90.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 416
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2636

memory/2124-15-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/2124-8-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/2124-7-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/2124-9-0x0000000074660000-0x0000000074C0B000-memory.dmp

Filesize
5.7MB

Download
memory/2124-10-0x0000000074660000-0x0000000074C0B000-memory.dmp

Filesize
5.7MB

Download
memory/2124-11-0x0000000000650000-0x0000000000690000-memory.dmp

Filesize
256KB

Download
memory/2124-13-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/2124-14-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/2124-6-0x0000000074F80000-0x0000000075090000-memory.dmp

Filesize
1.1MB

Download
memory/2124-16-0x0000000074660000-0x0000000074C0B000-memory.dmp

Filesize
5.7MB

Download
memory/2124-17-0x0000000000650000-0x0000000000690000-memory.dmp

Filesize
256KB

Download
memory/2636-12-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/2636-18-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download