5c634f2dfef2dddf65c8aa43b2f719bfe2716941e31240584a1edf3654c34798

Analysis

max time kernel
122s
max time network
141s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
18-11-2023 07:26

Target

NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe
Size

1.0MB
MD5

cdb8e1e3f858beae8d95f6767b25cbc0
SHA1

a81c376b3488ff4e13d8bb4b6a352eaa8e8c98b3
SHA256

5c634f2dfef2dddf65c8aa43b2f719bfe2716941e31240584a1edf3654c34798
SHA512

9f56c2b23191b6281a7da082f221317ad599cf438839e9f2a6df1a3e1273708ee8ef1ab97589090bbb52086c715d7907582059a54fcfb78330980664ac946a5b
SSDEEP

24576:hZ5u8PemjFr0eVwnpOa1yskI4k69e+X6nZd3TiSFrl/N65mBmFK:vxhJ0eWn4so9D6n3P5vwK

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2268	djnlpfdvufwdoa.exe

Loads dropped DLL 1 IoCs

pid	Process
2144	NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\qgjwzqukbi\djnlpfdvufwdoa.exe	NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2268	2144	NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe	27
PID 2144 wrote to memory of 2268	2144	NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe	27
PID 2144 wrote to memory of 2268	2144	NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe	27
PID 2144 wrote to memory of 2268	2144	NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cdb8e1e3f858beae8d95f6767b25cbc0.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Program Files (x86)\qgjwzqukbi\djnlpfdvufwdoa.exe
  "C:\Program Files (x86)\qgjwzqukbi\djnlpfdvufwdoa.exe"
  2⤵
  - Executes dropped EXE
  PID:2268

C:\Program Files (x86)\qgjwzqukbi\djnlpfdvufwdoa.exe

Filesize
1.1MB

MD5
0fa78f2e7e4f0f139d0c76d47c95ce12

SHA1
3b91a0c34a583dd7aeec84b8333a8ebfbd985504

SHA256
52ebf1fc74ecd5687394652b1dc6320f34c4ec6f265e0f2bea5a69bb883dc3e3

SHA512
a90ca7151f2f1fb9b1c7d72721c3bfd3969d786b6f9aa63ff4c65c3f20600b992091a86d6e862c28c991a2ce88685fb1e7d105bf0f82b7e012a58dc2da828fd2

Download Submit
\Program Files (x86)\qgjwzqukbi\djnlpfdvufwdoa.exe

Filesize
1.1MB

MD5
0fa78f2e7e4f0f139d0c76d47c95ce12

SHA1
3b91a0c34a583dd7aeec84b8333a8ebfbd985504

SHA256
52ebf1fc74ecd5687394652b1dc6320f34c4ec6f265e0f2bea5a69bb883dc3e3

SHA512
a90ca7151f2f1fb9b1c7d72721c3bfd3969d786b6f9aa63ff4c65c3f20600b992091a86d6e862c28c991a2ce88685fb1e7d105bf0f82b7e012a58dc2da828fd2

Download Submit
memory/2144-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2144-1-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2144-6-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2268-8-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2268-9-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2268-10-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download