975e700ee720d911ff1f794bbc843517b278292aa959ecbc9415f2a8be9f38ea

Analysis

max time kernel
144s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 20:48

Target

NEAS.aff625098f90aea87a86e1e94d1ff970.exe
Size

122KB
MD5

aff625098f90aea87a86e1e94d1ff970
SHA1

fe163d84539a8bc5411614e2dc6ec3467b8ea19e
SHA256

975e700ee720d911ff1f794bbc843517b278292aa959ecbc9415f2a8be9f38ea
SHA512

12753ccc5e0506cee33b252670147253705c238ca6c30d7fa88fd5222d17db7011223f183ce5dae619e7b31e646b5e736bbd65a82e43e35957832efb23151aa4
SSDEEP

3072:RAbPLV7Pz2vVYtwOQ5jv3Gd22DMfhCq5RHcwlNAh:ibPLJLtwdv2PalHah

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4156	NEAS.aff625098f90aea87a86e1e94d1ff970.exe

Executes dropped EXE 1 IoCs

pid	Process
4156	NEAS.aff625098f90aea87a86e1e94d1ff970.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/888-0-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral2/files/0x00040000000006e5-12.dat	upx
behavioral2/memory/4156-14-0x0000000000400000-0x000000000047D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
888	NEAS.aff625098f90aea87a86e1e94d1ff970.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
888	NEAS.aff625098f90aea87a86e1e94d1ff970.exe
4156	NEAS.aff625098f90aea87a86e1e94d1ff970.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 4156	888	NEAS.aff625098f90aea87a86e1e94d1ff970.exe	87
PID 888 wrote to memory of 4156	888	NEAS.aff625098f90aea87a86e1e94d1ff970.exe	87
PID 888 wrote to memory of 4156	888	NEAS.aff625098f90aea87a86e1e94d1ff970.exe	87

C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe

Filesize
122KB

MD5
f18db71c070804abbe191d15023705ce

SHA1
d2fefb30acb325429ff961005ba0365cc2a1a74d

SHA256
d714aef061685fbbeed4f1f8cd940b785983778095ba20a0923c51bb7ebd0257

SHA512
8cd710101ee4e4944f31198bee401caf3b0cd62c8ca80fae85e9aa14cec3888e32ff4fa420f0f1d175457ce68e1b4eb54fce61d73c7b8a64bdfac855577ab7bd

Download Submit
memory/888-0-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/888-1-0x00000000001D0000-0x00000000001EF000-memory.dmp

Filesize
124KB

Download
memory/888-2-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/888-13-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4156-14-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/4156-15-0x0000000000190000-0x00000000001AF000-memory.dmp

Filesize
124KB

Download
memory/4156-23-0x00000000014B0000-0x00000000014CE000-memory.dmp

Filesize
120KB

Download
memory/4156-22-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4156-28-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download