e5116c5ef59e07bf249de62e4d3a6e1ca1680f7d697473ea726a47bdb5e1ea7f

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 00:27

Target

NEAS.cda83b98a08e3dddead6ec37d9783450.exe
Size

3.0MB
MD5

cda83b98a08e3dddead6ec37d9783450
SHA1

009c41ebe54d63f5e25a043bddd3009fe9fc806a
SHA256

e5116c5ef59e07bf249de62e4d3a6e1ca1680f7d697473ea726a47bdb5e1ea7f
SHA512

0c92e390cfda637b73fc4c21196f58094ffe06ee6e0d4b01abcd556edf5b125c6502d8cfbff50771996253f1f9b79a9aed5274cde356f31c3e03516f749c2bcb
SSDEEP

98304:HLTfRajZwgV/YyUvPE24qD+s4qD+7yU5ovEzCei2xZdLj:HRaFw0/YyUvPl0s07yU5Tjxz

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1960	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 1960	1748	NEAS.cda83b98a08e3dddead6ec37d9783450.exe	28
PID 1748 wrote to memory of 1960	1748	NEAS.cda83b98a08e3dddead6ec37d9783450.exe	28
PID 1748 wrote to memory of 1960	1748	NEAS.cda83b98a08e3dddead6ec37d9783450.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.cda83b98a08e3dddead6ec37d9783450.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cda83b98a08e3dddead6ec37d9783450.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 460
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1960

memory/1748-0-0x000007FEF56B0000-0x000007FEF604D000-memory.dmp

Filesize
9.6MB

Download
memory/1748-1-0x0000000000B10000-0x0000000000B90000-memory.dmp

Filesize
512KB

Download
memory/1748-2-0x000007FEF56B0000-0x000007FEF604D000-memory.dmp

Filesize
9.6MB

Download
memory/1748-5-0x000007FEF56B0000-0x000007FEF604D000-memory.dmp

Filesize
9.6MB

Download
memory/1748-6-0x0000000000B10000-0x0000000000B90000-memory.dmp

Filesize
512KB

Download
memory/1960-4-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download