98dc2daf1081aea5144fc16b9c974737977438c766a267b23989dd757e75c475

Analysis

max time kernel
141s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 17:18

Target

NEAS.a3a0b110a7d962daef18728b42b96100_JC.exe
Size

1.5MB
MD5

a3a0b110a7d962daef18728b42b96100
SHA1

0e378ad91f91267ace805bb37e712175270e58d1
SHA256

98dc2daf1081aea5144fc16b9c974737977438c766a267b23989dd757e75c475
SHA512

396d8191e57b352cf91b5ed2c6461d4b2a9b0122dae29f68e8254099e15d1d912bf1f854f2933b2b3dca3ca063401bc2db254ca12a29cada474003c7f879d88a
SSDEEP

24576:+FjNxkG1dsL/CVCRO/nEa++Hi+9ITLRfss5:+FnWLaVXPP7+TLRE

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	NEAS.a3a0b110a7d962daef18728b42b96100_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3572	NEAS.a3a0b110a7d962daef18728b42b96100_JC.exe

memory/3572-0-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3572-1-0x0000000002330000-0x0000000002397000-memory.dmp

Filesize
412KB

Download
memory/3572-6-0x0000000002330000-0x0000000002397000-memory.dmp

Filesize
412KB

Download
memory/3572-7-0x0000000002330000-0x0000000002397000-memory.dmp

Filesize
412KB

Download
memory/3572-12-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download