e2b4c9c556a3a49006f46c0ab46b9c3c4a428f45064061d1fb836851cf24907a

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 08:58

Target

NEAS.c6f901f574c285728ee02f6551532690.exe
Size

5KB
MD5

c6f901f574c285728ee02f6551532690
SHA1

24a6e09f90358f10a35501a6d34fbf1e0c656720
SHA256

e2b4c9c556a3a49006f46c0ab46b9c3c4a428f45064061d1fb836851cf24907a
SHA512

e19d0108ae8d7d787904e726bc30ef9db85aff4ddcdef98d7d9af87100739528e790a692d74a79d7040e87e29e495730ebec243449a8736d672f4f084c888ccf
SSDEEP

48:6aXAtHKWXRkz+WDiSODn9Q8vRWizukEGvltT8NyTrg7lKIiKIH9orw20ylL:PAtHnXRx0iSOD9R/VNtYwTrk7i7dorn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 3020	1172	NEAS.c6f901f574c285728ee02f6551532690.exe	30
PID 1172 wrote to memory of 3020	1172	NEAS.c6f901f574c285728ee02f6551532690.exe	30
PID 1172 wrote to memory of 3020	1172	NEAS.c6f901f574c285728ee02f6551532690.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.c6f901f574c285728ee02f6551532690.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c6f901f574c285728ee02f6551532690.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231031T114604_138.exe
  2⤵
  PID:3020