3b4931ca205c45fea81515f916ffc7a718f2b58427a45376a57a38f932685346

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15-11-2023 07:27

Target

NEAS.d0d794bd1aeee5c9e11092a480a0f990.exe
Size

974KB
MD5

d0d794bd1aeee5c9e11092a480a0f990
SHA1

b0aa338c6476263f8a59850b0243b1b8224d8617
SHA256

3b4931ca205c45fea81515f916ffc7a718f2b58427a45376a57a38f932685346
SHA512

d6d218e2171be19c0fe9aa086966049cf2f50ce840542583945767a19ffb06110de7de7478d7b8eca20cf288b0a1f33ca8f56b2355fe8b61ebbb5e581d812060
SSDEEP

24576:IjiMkuEozwNTVocOn7TbuWw69o7F/Um7DraEr2yV:IjikEoKpocOn7fuWOU6DrGyV

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4048	ij.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\gnkcugnuyc\ij.exe	NEAS.d0d794bd1aeee5c9e11092a480a0f990.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 4048	2356	NEAS.d0d794bd1aeee5c9e11092a480a0f990.exe	86
PID 2356 wrote to memory of 4048	2356	NEAS.d0d794bd1aeee5c9e11092a480a0f990.exe	86
PID 2356 wrote to memory of 4048	2356	NEAS.d0d794bd1aeee5c9e11092a480a0f990.exe	86

C:\Users\Admin\AppData\Local\Temp\NEAS.d0d794bd1aeee5c9e11092a480a0f990.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d0d794bd1aeee5c9e11092a480a0f990.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\gnkcugnuyc\ij.exe
  "C:\Program Files (x86)\gnkcugnuyc\ij.exe"
  2⤵
  - Executes dropped EXE
  PID:4048

C:\Program Files (x86)\gnkcugnuyc\ij.exe

Filesize
986KB

MD5
f286a6071022e43fc5504fb084cdd492

SHA1
ca15e42b28546bef4a97702276d0db09d49b2c3b

SHA256
3885b853a9870c2c8cabeac2fdc6174415adb50ef1c4c9313b65d40dae346e74

SHA512
8a59dea25d265d2c31a98999728332cf47459285b0abc16cead429b1279454170fc6523e5bdb58faf8117969a96b4d3288aea887b55a5c9b2aa1cb65374d7767

Download Submit
C:\Program Files (x86)\gnkcugnuyc\ij.exe

Filesize
986KB

MD5
f286a6071022e43fc5504fb084cdd492

SHA1
ca15e42b28546bef4a97702276d0db09d49b2c3b

SHA256
3885b853a9870c2c8cabeac2fdc6174415adb50ef1c4c9313b65d40dae346e74

SHA512
8a59dea25d265d2c31a98999728332cf47459285b0abc16cead429b1279454170fc6523e5bdb58faf8117969a96b4d3288aea887b55a5c9b2aa1cb65374d7767

Download Submit
memory/2356-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2356-2-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2356-3-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2356-7-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4048-12-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4048-13-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4048-11-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4048-9-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download