9ed585b6e5d1c37217737cecf56599802a602829e78710682631017da79068fe

Analysis

max time kernel
121s
max time network
141s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 01:57

Target

NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe
Size

816KB
MD5

5af0683ad103eecf60b0ddb5eb779b50
SHA1

0cd4d138067d3f89bb6aa06dffc47a512eb1e778
SHA256

9ed585b6e5d1c37217737cecf56599802a602829e78710682631017da79068fe
SHA512

0f76bbddc84725ad9f16aed548c5f8173f71021098190829aded77e4df1d12723f58ea60e19e36e946a432bcd88bc2c431c9401f3f7cea01cb1fb9ad1760d898
SSDEEP

12288:IjiMo7us39MQ4UWw4IS40caXNdFI1F9R+f2xO2ZXJhxQ6WvW3OCWIxIzCFlO:IjiMkuEozwNTug9r0y26k3CW3D

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1708	kaiii.exe

Loads dropped DLL 1 IoCs

pid	Process
1516	NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\exeqbadpl\kaiii.exe	NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 1708	1516	NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe	28
PID 1516 wrote to memory of 1708	1516	NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe	28
PID 1516 wrote to memory of 1708	1516	NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe	28
PID 1516 wrote to memory of 1708	1516	NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5af0683ad103eecf60b0ddb5eb779b50.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files (x86)\exeqbadpl\kaiii.exe
  "C:\Program Files (x86)\exeqbadpl\kaiii.exe"
  2⤵
  - Executes dropped EXE
  PID:1708

C:\Program Files (x86)\exeqbadpl\kaiii.exe

Filesize
834KB

MD5
9f84eee39692585b718a2e03e71f7ec8

SHA1
3a7401529a5ed4cdf8b0a735083017d65b965167

SHA256
598c9a3ad25447e4e3eae3d3f82d6f5a103118d7a6aab2bd507958bc2f98bfe4

SHA512
80065655b5f21b0664657f3353c295a8f50e5bcf2d48bccbb6791ae31fde9301fbfbe07240224a8ccbefaba7bfe42314fe9abea006ebc80d79d0e87722b2b9af

Download Submit
\Program Files (x86)\exeqbadpl\kaiii.exe

Filesize
834KB

MD5
9f84eee39692585b718a2e03e71f7ec8

SHA1
3a7401529a5ed4cdf8b0a735083017d65b965167

SHA256
598c9a3ad25447e4e3eae3d3f82d6f5a103118d7a6aab2bd507958bc2f98bfe4

SHA512
80065655b5f21b0664657f3353c295a8f50e5bcf2d48bccbb6791ae31fde9301fbfbe07240224a8ccbefaba7bfe42314fe9abea006ebc80d79d0e87722b2b9af

Download Submit
memory/1516-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1516-2-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1516-1-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1516-3-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1516-9-0x0000000001D40000-0x0000000001DD6000-memory.dmp

Filesize
600KB

Download
memory/1516-8-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1708-12-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1708-13-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download