0401c42a658bba1d2a93cba3b4de2964ab4032302c00c629283e251dfec19dd4

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 19:25

Target

NEAS.04dbf60413c501629224e20f7510aaf0.exe
Size

120KB
MD5

04dbf60413c501629224e20f7510aaf0
SHA1

95c50368fccb64568f6c997cf834b4e989c1e74c
SHA256

0401c42a658bba1d2a93cba3b4de2964ab4032302c00c629283e251dfec19dd4
SHA512

8af7e1781757746e70328e040c48c7529fe9f4c69ef3fb5f4fee8a575fb664fd57989e75fa73f2f329b63527f65ee2b4b783e418ba692da7f81066218f6fa439
SSDEEP

3072:37RXCRQ/v6LqN7sIIgK0qJFDWQ526dU7p:kehHa01Q526Wp

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2796	2028	NEAS.04dbf60413c501629224e20f7510aaf0.exe	28
PID 2028 wrote to memory of 2796	2028	NEAS.04dbf60413c501629224e20f7510aaf0.exe	28
PID 2028 wrote to memory of 2796	2028	NEAS.04dbf60413c501629224e20f7510aaf0.exe	28
PID 2028 wrote to memory of 2796	2028	NEAS.04dbf60413c501629224e20f7510aaf0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.04dbf60413c501629224e20f7510aaf0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.04dbf60413c501629224e20f7510aaf0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\NEAS.04dbf60413c501629224e20f7510aaf0.exe
  ?
  2⤵
  PID:2796

memory/2028-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2028-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2028-1-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2028-6-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2796-11-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2796-15-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download