585aaff5e0f19fc3e33ee918fcff51fdb212f0f8d9d285339b48bbe649c69d5d

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2023 07:30

Target

NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe
Size

79KB
MD5

c04f2d1ffd34ddb3da47ea55cb1334c0
SHA1

fcabb5f95ccbaf203598c6d99d8d277568b04a65
SHA256

585aaff5e0f19fc3e33ee918fcff51fdb212f0f8d9d285339b48bbe649c69d5d
SHA512

5c6d1cd106d37ee3f5f3f344dc48a05ed5367e5b72d713ccb8e06ab58fb8afe53fd9260451055987aa59cc1ec6c1b22825c2eba8847ea48e9c8aea2371ad6898
SSDEEP

1536:zvTWcksg0pOQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvqvL0oGdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1848	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 3304	2604	NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe	87
PID 2604 wrote to memory of 3304	2604	NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe	87
PID 2604 wrote to memory of 3304	2604	NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe	87
PID 3304 wrote to memory of 1848	3304	cmd.exe	88
PID 3304 wrote to memory of 1848	3304	cmd.exe	88
PID 3304 wrote to memory of 1848	3304	cmd.exe	88

C:\Users\Admin\AppData\Local\Temp\NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c04f2d1ffd34ddb3da47ea55cb1334c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3304
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1848

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
47ae9e7263d6d64209496e1af70c79f5

SHA1
7a4d5ed8ce0f9f3cf51a93d81ca9b8f908dd404b

SHA256
dce71ea439b0f4c7d6b798a787f98809d671b59061a6e2f1b3ee9cbab308a491

SHA512
55d1395e63bbfa96304d133e53a09428ec794c37643ae3238bf50e1c890f42a0a45fee95c63f0576e9c7b0455d7e736da1c01a5ba70181c9b5a08102a9638f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
47ae9e7263d6d64209496e1af70c79f5

SHA1
7a4d5ed8ce0f9f3cf51a93d81ca9b8f908dd404b

SHA256
dce71ea439b0f4c7d6b798a787f98809d671b59061a6e2f1b3ee9cbab308a491

SHA512
55d1395e63bbfa96304d133e53a09428ec794c37643ae3238bf50e1c890f42a0a45fee95c63f0576e9c7b0455d7e736da1c01a5ba70181c9b5a08102a9638f66

Download Submit
memory/1848-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2604-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download