a56a7dc08fd740c03e0f148e51421e99ba2d680f8ce63aa967ebe67293c30043

Analysis

max time kernel
148s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 08:58

Target

NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe
Size

89KB
MD5

c7398fc5e58f9301c3b93220a18c73a0
SHA1

fca12e09cbd7edae2b961cfab5db4cddb30316d9
SHA256

a56a7dc08fd740c03e0f148e51421e99ba2d680f8ce63aa967ebe67293c30043
SHA512

25c80d1144c06ca6f05eaf053bccea0b2a1477c3d6fd4e5025f54951d2669b6abb9357c5b97c2dac6cdaf1210033961e08d843f39a90a046e4cb1f05012092cc
SSDEEP

1536:WuKVN63zJqIlLpXLroLmcYXV/O16nvaHWdCx8lXDuIRZCmu8GZiYPvA3bOh5:dKVEtqIlLpbsLmcYXVlnvk1xatrs

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3676	antifahib.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
52	icanhazip.com

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 3676	652	NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe	87
PID 652 wrote to memory of 3676	652	NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe	87
PID 652 wrote to memory of 3676	652	NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe	87

C:\Users\Admin\AppData\Local\Temp\NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Users\Admin\AppData\Local\Temp\antifahib.exe
  C:\Users\Admin\AppData\Local\Temp\antifahib.exe
  2⤵
  - Executes dropped EXE
  PID:3676

C:\Users\Admin\AppData\Local\Temp\antifahib.exe

Filesize
89KB

MD5
158f59afda9a75d547d2d17521705cdb

SHA1
3b6a4ceca9c337cf666f28aac76f7e76894175eb

SHA256
ffeb15f89a69fa86ae7e2b05dc9806d4cd7f549fec0a2182c5444e98e618b862

SHA512
96056fba2ca26de7436511bd81bb64eed9ece8b791da61faf0a811679d0b58b979a1c8317883295cfb157bdac62ae7f237246b2d6468a582280aa21054a10dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\antifahib.exe

Filesize
89KB

MD5
158f59afda9a75d547d2d17521705cdb

SHA1
3b6a4ceca9c337cf666f28aac76f7e76894175eb

SHA256
ffeb15f89a69fa86ae7e2b05dc9806d4cd7f549fec0a2182c5444e98e618b862

SHA512
96056fba2ca26de7436511bd81bb64eed9ece8b791da61faf0a811679d0b58b979a1c8317883295cfb157bdac62ae7f237246b2d6468a582280aa21054a10dba

Download Submit
memory/652-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/652-1-0x0000000000430000-0x0000000000435000-memory.dmp

Filesize
20KB

Download
memory/652-2-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/652-7-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3676-9-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download