83ad9dce557d04efee9ca4167843eb06bbc05fe2f7ac931722936697ba8c3269

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 20:33

Target

NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe
Size

82KB
MD5

02e51501d596ca7bf4cfb54adf3bb2b0
SHA1

5606453adf0b44b90d202d4783e409ed0c00f973
SHA256

83ad9dce557d04efee9ca4167843eb06bbc05fe2f7ac931722936697ba8c3269
SHA512

d027a2b12ceff7de4823e518690e15e61688e923573474c70ffb568ea9072e1b48eb5e9751fc3178b99c0634a2b47092c72420c5dd37338d47be7619d0d62c9a
SSDEEP

1536:seF83Lucdlc+LDo34yFXxukbH24zF/I9QbzEsLu8g00CmuJd4BXH:sJL1wpIyFXx5vmuXvLu8g0Bbd45

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4308	NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe

Executes dropped EXE 1 IoCs

pid	Process
4308	NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3716-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00090000000224ad-11.dat	upx
behavioral2/memory/4308-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3716	NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3716	NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe
4308	NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 4308	3716	NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe	88
PID 3716 wrote to memory of 4308	3716	NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe	88
PID 3716 wrote to memory of 4308	3716	NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe	88

C:\Users\Admin\AppData\Local\Temp\NEAS.02e51501d596ca7bf4cfb54adf3bb2b0.exe

Filesize
82KB

MD5
668b89890211cb23fd38753e6fa306e9

SHA1
b6a743cd5c90d2cab8d06df4babf462515163a5e

SHA256
2cf1a30eb09789b8716d420c4b861321bd21dcf84ff80902a77a751421b9a04a

SHA512
dafcc4fd00f6fde58e03d8108523ea97b615f9fa170e2c5a1b6f3e0abf182bfdd0a453c1cfb0f30530a3064233dbbbd4558defa258316874a6059a9df22457f6

Download Submit
memory/3716-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3716-1-0x00000000000E0000-0x00000000000EE000-memory.dmp

Filesize
56KB

Download
memory/3716-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3716-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4308-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4308-15-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/4308-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4308-21-0x0000000001470000-0x000000000148B000-memory.dmp

Filesize
108KB

Download
memory/4308-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4308-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download