51aa95a613f55edafa19209750b3ab9ca93a91d0961a07a988942fe34f763824 | Triage

Analysis

max time kernel
122s
max time network
141s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 09:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.edf1a7b2fb104b0eb8894fda4a213520.exe
Size

5KB
MD5

edf1a7b2fb104b0eb8894fda4a213520
SHA1

641b0149e7f746904e7a6a6344864438abb4884c
SHA256

51aa95a613f55edafa19209750b3ab9ca93a91d0961a07a988942fe34f763824
SHA512

637dcdb79c5d7b5b0a01d0fc5c0d4d0ee96820d8a98ddf579fa11539bb343683eb8c31e6002b1135ce6422734f78906e96bad50e2836535f0813111aca7deed4
SSDEEP

96:6VhtHwXPIJ4Sv3Rc0jFkeJWTOMTrdH40L0ror:6VLwXDWhc0TJWTObor

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2488	2120	NEAS.edf1a7b2fb104b0eb8894fda4a213520.exe	32
PID 2120 wrote to memory of 2488	2120	NEAS.edf1a7b2fb104b0eb8894fda4a213520.exe	32
PID 2120 wrote to memory of 2488	2120	NEAS.edf1a7b2fb104b0eb8894fda4a213520.exe	32

C:\Users\Admin\AppData\Local\Temp\NEAS.edf1a7b2fb104b0eb8894fda4a213520.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.edf1a7b2fb104b0eb8894fda4a213520.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231031T122031_343.exe
  2⤵
  PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads