8f3f46137a2d37c1a9ae39a06777e536aeb7fa2705c6100958dcc9fa914e4f65

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
05/11/2023, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4545290d3484e3025debd0ee61610fd0.exe
Size

621KB
MD5

4545290d3484e3025debd0ee61610fd0
SHA1

7ae2e35894ef3f69f17b87f63e99ee4b06814a12
SHA256

8f3f46137a2d37c1a9ae39a06777e536aeb7fa2705c6100958dcc9fa914e4f65
SHA512

e22ef73665fe14f86f894295d04d7f7b8c215e7d62b7d6af483758a281430889ec51b1716dc8c3220368ad1ebb9d7e0353bf5ac988606fe4726299a13a472989
SSDEEP

12288:A4eH5HlYFGhgftuyFRWzRSxxtJlOT4udasHYz4P90Sj:A4enYF2gwlzRuzLO8sHY810Sj

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe
2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1992	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	29
PID 2440 wrote to memory of 1992	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	29
PID 2440 wrote to memory of 1992	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	29
PID 2440 wrote to memory of 2708	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	30
PID 2440 wrote to memory of 2708	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	30
PID 2440 wrote to memory of 2708	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	30
PID 2440 wrote to memory of 2244	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	31
PID 2440 wrote to memory of 2244	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	31
PID 2440 wrote to memory of 2244	2440	NEAS.4545290d3484e3025debd0ee61610fd0.exe	31

C:\Users\Admin\AppData\Local\Temp\NEAS.4545290d3484e3025debd0ee61610fd0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4545290d3484e3025debd0ee61610fd0.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 5
  2⤵
  PID:2708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2440-0-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2440-1-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download