f600c8e90b887847fff0c0ab5e4d8098c2eebbca282d46161b890e78ded5980e

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
05/11/2023, 22:06

Target

NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe
Size

88KB
MD5

2a8c223dd28b51d8fc35d4a5e9249c20
SHA1

53566110f8e84751702640d373538199dda19b4c
SHA256

f600c8e90b887847fff0c0ab5e4d8098c2eebbca282d46161b890e78ded5980e
SHA512

b493c14abe5897dd3a0d1d4f4194f3083d3c632f1a6f9b1bcf901104941d97c0be362cc3a4807999264de345dbc074db02045cf0c180ff07b2e1b22bf9b7eac7
SSDEEP

1536:iZ55Ljoq4M2quFS7q4dRlRrKv3cFXY6lgdSyRT+6/OaWJOsIzrnClPjhAv8njCWy:gLjoq4M8FS2CTlKfUX6XDNHC9vnuW8nD

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2656 set thread context of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe
Token: SeIncBasePriorityPrivilege	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28
PID 2656 wrote to memory of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28
PID 2656 wrote to memory of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28
PID 2656 wrote to memory of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28
PID 2656 wrote to memory of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28
PID 2656 wrote to memory of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28
PID 2656 wrote to memory of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28
PID 2656 wrote to memory of 2024	2656	NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2a8c223dd28b51d8fc35d4a5e9249c20.exe
  2⤵
  PID:2024

memory/2024-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2024-8-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2024-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2024-11-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2024-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2024-14-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2024-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2656-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2656-1-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/2656-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2656-3-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2656-9-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download