f9645b77f8ea5c21052a217778d1e2aeaca2462a964d89fbf223dcbd9f5a4219 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01-11-2023 14:23

Sharing

Report Analysis Logs

General

Target

NEAS.edecc6c225841d7e46ec876ccb39ca40.exe
Size

888KB
MD5

edecc6c225841d7e46ec876ccb39ca40
SHA1

022c4696e95530cf7c7db2ef4e3a2bf0e81b0102
SHA256

f9645b77f8ea5c21052a217778d1e2aeaca2462a964d89fbf223dcbd9f5a4219
SHA512

ac25f0781a83fc3f02e2ecaf46689ca0e9a36a9750ffd8f26cd2645d7493a3e5cef1dc18f903f4fe00db70c41e78668d959967d5a6d782782c507573b0d2b113
SSDEEP

24576:LmX7ZuvgYRnedEaLHTnYLYAqSsxuY2BwVI:aLUvgYn6LHpAhsxuYZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2684	2108	NEAS.edecc6c225841d7e46ec876ccb39ca40.exe	28
PID 2108 wrote to memory of 2684	2108	NEAS.edecc6c225841d7e46ec876ccb39ca40.exe	28
PID 2108 wrote to memory of 2684	2108	NEAS.edecc6c225841d7e46ec876ccb39ca40.exe	28
PID 2108 wrote to memory of 2684	2108	NEAS.edecc6c225841d7e46ec876ccb39ca40.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.edecc6c225841d7e46ec876ccb39ca40.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.edecc6c225841d7e46ec876ccb39ca40.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\NEAS.edecc6c225841d7e46ec876ccb39ca40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.edecc6c225841d7e46ec876ccb39ca40.exe" -z2
  2⤵
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads