3f80755df27dc24d4c21830da40bb8498c143cca3a3e40707fa9c8385a10d959

Analysis

max time kernel
131s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2023, 09:56

Target

NEAS.5b45389249e1f974ff5f8d409eef1b60.exe
Size

79KB
MD5

5b45389249e1f974ff5f8d409eef1b60
SHA1

7ab70cea21f55f0f674ddf20a01bb568b74e1ba0
SHA256

3f80755df27dc24d4c21830da40bb8498c143cca3a3e40707fa9c8385a10d959
SHA512

e289f1a3d12634d9f6f7bb43ee5901c248460400d22dcd99b1460164f860656cf85b96a07d61cfbcf5fb9d1a1880bd8bef28cbfa66c10a68af4e0a7a2c48651c
SSDEEP

1536:zvsbwww3DBuynr47rQk2GOQA8AkqUhMb2nuy5wgIP0CSJ+5yPBB8GMGlZ5G:zvsKDdrwJ8GdqU7uy5w9WMyPBN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4320	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 4908	1188	NEAS.5b45389249e1f974ff5f8d409eef1b60.exe	89
PID 1188 wrote to memory of 4908	1188	NEAS.5b45389249e1f974ff5f8d409eef1b60.exe	89
PID 1188 wrote to memory of 4908	1188	NEAS.5b45389249e1f974ff5f8d409eef1b60.exe	89
PID 4908 wrote to memory of 4320	4908	cmd.exe	90
PID 4908 wrote to memory of 4320	4908	cmd.exe	90
PID 4908 wrote to memory of 4320	4908	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\NEAS.5b45389249e1f974ff5f8d409eef1b60.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5b45389249e1f974ff5f8d409eef1b60.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4320

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
82c2e968ac067a19c64b31f96c815587

SHA1
4eaca30504160c95245c466b0a9a5658cb0c2934

SHA256
7f8a4ae880b373ce1004132dee2d22df45a5a91733a8f1f2410f55f30a5cfbea

SHA512
3bd80575bbfd82cc21e7e91eaa5ab9af513567430ce8fea4fe93b3bbdd7e026d89e8e0175ce4567c395655ef95683c1db8e0d93b5b095b8c9cf68099bcbf880e

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
82c2e968ac067a19c64b31f96c815587

SHA1
4eaca30504160c95245c466b0a9a5658cb0c2934

SHA256
7f8a4ae880b373ce1004132dee2d22df45a5a91733a8f1f2410f55f30a5cfbea

SHA512
3bd80575bbfd82cc21e7e91eaa5ab9af513567430ce8fea4fe93b3bbdd7e026d89e8e0175ce4567c395655ef95683c1db8e0d93b5b095b8c9cf68099bcbf880e

Download Submit
memory/1188-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4320-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download