4dd740b02246b4bf129f70b5d8534a1158064e749506c7863ac97b9bbdc60460

Analysis

max time kernel
140s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 15:47

Target

NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe
Size

1.1MB
MD5

b0a43e697a08a26a3b66b0e3387a8ca0
SHA1

e99ce2ab72e4bf8a8c20047778e96e00ccea711b
SHA256

4dd740b02246b4bf129f70b5d8534a1158064e749506c7863ac97b9bbdc60460
SHA512

868f332b0534ce04d48d1bdb2cf167e0c621ff2a62bff94a00afe4f95a99c3b95e5bd7d139c894983bf6201bb258a086ea5d2fb30f37155cd7f0e14a3e4a9c3f
SSDEEP

12288:a968cKltpYmtww5o7a0dY71eC+8/yqkOIZHEff7eKgru+CVzSSzM8Gu:abAmtww5o7a0dGD5/yDZIiyo8

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2724 set thread context of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90
PID 2724 wrote to memory of 2244	2724	NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe	90

C:\Users\Admin\AppData\Local\Temp\NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b0a43e697a08a26a3b66b0e3387a8ca0_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2244

memory/2244-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2244-2-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2244-3-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2244-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2244-4-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download