9155d5a642ac3def70e572dcc46e68daaa658879563b1f064ffd1d8ab5911d19

Analysis

max time kernel
174s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2023 14:09

Target

NEAS.7c28d2a69e76f7be1d785c9fac270640.exe
Size

122KB
MD5

7c28d2a69e76f7be1d785c9fac270640
SHA1

e54fa8ccb5dd3df5d72b9aaf55b6cdd50e9937c0
SHA256

9155d5a642ac3def70e572dcc46e68daaa658879563b1f064ffd1d8ab5911d19
SHA512

5f6a924e36ad0a12e556a2f8d71d244d854b8e0f081c6e5772a79b45bae1d03e7e6242fd45b6d1b59cd44079c638badab0292a17d280ef851a7fa7525ac02a1d
SSDEEP

3072:hveNtheo29L6HBP69hMO31Jui8l2CRuQFykCoZbbZTepf:ChOGHBP69hZlJuRlVnFyFoNZTk

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3556	NEAS.7c28d2a69e76f7be1d785c9fac270640.exe

Executes dropped EXE 1 IoCs

pid	Process
3556	NEAS.7c28d2a69e76f7be1d785c9fac270640.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2880-0-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral2/files/0x0007000000022dd0-12.dat	upx
behavioral2/memory/3556-14-0x0000000000400000-0x000000000047D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2880	NEAS.7c28d2a69e76f7be1d785c9fac270640.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2880	NEAS.7c28d2a69e76f7be1d785c9fac270640.exe
3556	NEAS.7c28d2a69e76f7be1d785c9fac270640.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 3556	2880	NEAS.7c28d2a69e76f7be1d785c9fac270640.exe	87
PID 2880 wrote to memory of 3556	2880	NEAS.7c28d2a69e76f7be1d785c9fac270640.exe	87
PID 2880 wrote to memory of 3556	2880	NEAS.7c28d2a69e76f7be1d785c9fac270640.exe	87

C:\Users\Admin\AppData\Local\Temp\NEAS.7c28d2a69e76f7be1d785c9fac270640.exe

Filesize
122KB

MD5
acf33a3b6617eb9e3bc0213aebb12a9d

SHA1
e7e643ee2f5c2483b5384770a254fac790fec460

SHA256
96221d881a8454c664dd096f570dc0525a3363136648d10bb311e58b9ee11229

SHA512
24f5aecef76b92c5d1de883a4f09787974f30fc27922384743d11d4068a3228c0b1a34b9c49252acbbec67fe1a60552ed7016d2094d34f733ee65f5fe03ed5ed

Download Submit
memory/2880-0-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2880-1-0x00000000000E0000-0x00000000000FF000-memory.dmp

Filesize
124KB

Download
memory/2880-2-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2880-13-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3556-14-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/3556-23-0x0000000001480000-0x000000000149E000-memory.dmp

Filesize
120KB

Download
memory/3556-22-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3556-21-0x00000000000C0000-0x00000000000DF000-memory.dmp

Filesize
124KB

Download
memory/3556-28-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download