eab65aeb250c50b040571fe54d9f7a829f91a0354a0ef842642760ac0a7c8d06

Analysis

max time kernel
137s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 23:12

Target

NEAS.1f2dcfd5278f7044fdb70e5be2ea5b90.exe
Size

965KB
MD5

1f2dcfd5278f7044fdb70e5be2ea5b90
SHA1

b9f26020ff2fab894c61e4bcab6df12e57315ff3
SHA256

eab65aeb250c50b040571fe54d9f7a829f91a0354a0ef842642760ac0a7c8d06
SHA512

b5f7bf778330b58aecd3f1acdc2f484e55bfdec97086135222f7edff3e7a82d10ffb11ea385fee919b3b5d02a22a3b8d1cad637ce19ccf2fdec313cdeb4ed587
SSDEEP

24576:IjiMkuEozwNTVocOn7TbuWw69o7F/Um7E4r1ENWdB9:IjikEoKpocOn7fuWOU6E4r9dP

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3964	smgdtrzhgvhrpb.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ouvhw\smgdtrzhgvhrpb.exe	NEAS.1f2dcfd5278f7044fdb70e5be2ea5b90.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 3964	4556	NEAS.1f2dcfd5278f7044fdb70e5be2ea5b90.exe	86
PID 4556 wrote to memory of 3964	4556	NEAS.1f2dcfd5278f7044fdb70e5be2ea5b90.exe	86
PID 4556 wrote to memory of 3964	4556	NEAS.1f2dcfd5278f7044fdb70e5be2ea5b90.exe	86

C:\Users\Admin\AppData\Local\Temp\NEAS.1f2dcfd5278f7044fdb70e5be2ea5b90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1f2dcfd5278f7044fdb70e5be2ea5b90.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files (x86)\ouvhw\smgdtrzhgvhrpb.exe
  "C:\Program Files (x86)\ouvhw\smgdtrzhgvhrpb.exe"
  2⤵
  - Executes dropped EXE
  PID:3964

C:\Program Files (x86)\ouvhw\smgdtrzhgvhrpb.exe

Filesize
987KB

MD5
5013611801a236813f7eae54bed9ea74

SHA1
eebb22a905f686722f740e8343c45c13965051eb

SHA256
eadcc30bc74a414354ed1ab3ab51e13820748f483d36eb57acf0f54ca177e4f9

SHA512
ef90c926cf8124b56668422304cb372729046127ef7646c2249a307c62ba4a6ee22ac1bb3b3562c3537063a64b78cb77e9e9cc1004f581ac782079294951b1d1

Download Submit
C:\Program Files (x86)\ouvhw\smgdtrzhgvhrpb.exe

Filesize
987KB

MD5
5013611801a236813f7eae54bed9ea74

SHA1
eebb22a905f686722f740e8343c45c13965051eb

SHA256
eadcc30bc74a414354ed1ab3ab51e13820748f483d36eb57acf0f54ca177e4f9

SHA512
ef90c926cf8124b56668422304cb372729046127ef7646c2249a307c62ba4a6ee22ac1bb3b3562c3537063a64b78cb77e9e9cc1004f581ac782079294951b1d1

Download Submit
memory/3964-10-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/3964-11-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4556-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4556-2-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4556-1-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4556-3-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/4556-9-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download