6fe289e5d52c46e1daa3d25d4c1c980949392e733be3e6cdb8e866e23e5de85a | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 08:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.d84de2a60b780778e01014885e693db0.exe
Size

5KB
MD5

d84de2a60b780778e01014885e693db0
SHA1

48b41435ff041ec06ac9be26570d3b63c293adea
SHA256

6fe289e5d52c46e1daa3d25d4c1c980949392e733be3e6cdb8e866e23e5de85a
SHA512

ef558f78cec3c01442b3beb3971c89da2e100f87cc6a57755e1494fa1bee94658f195a6b018f55b78d03713096b79634638dea70e62299e99fe71bc713c90cf3
SSDEEP

96:ltHPdX4DxmdSfB/817uOT99oTrpdO3lror:3VXGcc67uOT998kVor

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2976	2928	NEAS.d84de2a60b780778e01014885e693db0.exe	30
PID 2928 wrote to memory of 2976	2928	NEAS.d84de2a60b780778e01014885e693db0.exe	30
PID 2928 wrote to memory of 2976	2928	NEAS.d84de2a60b780778e01014885e693db0.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.d84de2a60b780778e01014885e693db0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d84de2a60b780778e01014885e693db0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231031T120143_345.exe
  2⤵
  PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads