6d3e0f4b400eeb388c288d1151c5051224f99497a522424f60d9cdcc63157cab

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02-12-2023 10:15

Target

NEAS.tmpexe.exe
Size

644KB
MD5

219492f049fb6d224dc912fb1de2d515
SHA1

ecfbfb5a6714032f4c811601bf8146c1f580b58f
SHA256

6d3e0f4b400eeb388c288d1151c5051224f99497a522424f60d9cdcc63157cab
SHA512

7f7cf112ff91e0634728a42937051326c5810ef1fbf1b3b9e8a6847b9f34f2ebdb765e046ee4b61f6d286e75ada5cfd4db45eb876e2eb61e8ca9309844ee2878
SSDEEP

12288:8K361h61EWGqLia/AsN3xoiFyit3+hBSEvowv409EVjbEQ8q61:8vY7GUiasSnt3qBSE1ejbEQ8v

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

NEAS.tmpexe.exe

pid process

3020 NEAS.tmpexe.exe
3020 NEAS.tmpexe.exe
3020 NEAS.tmpexe.exe
3020 NEAS.tmpexe.exe
3020 NEAS.tmpexe.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

NEAS.tmpexe.exe

description pid process

Token: SeDebugPrivilege 3020 NEAS.tmpexe.exe

description	pid	process
Token: SeDebugPrivilege	3020	NEAS.tmpexe.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

NEAS.tmpexe.exe

description	pid	process	target process
PID 3020 wrote to memory of 3036	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 3036	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 3036	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 3036	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 1208	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 1208	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 1208	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 1208	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 2168	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 2168	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 2168	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 2168	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 1664	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 1664	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 1664	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 1664	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 2160	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 2160	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 2160	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe
PID 3020 wrote to memory of 2160	3020	NEAS.tmpexe.exe	NEAS.tmpexe.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe"
2⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe"
2⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe"
2⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe"
2⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.tmpexe.exe"
2⤵
PID:2160

memory/3020-0-0x00000000001D0000-0x0000000000278000-memory.dmp

Filesize
672KB

Download
memory/3020-1-0x0000000073F90000-0x000000007467E000-memory.dmp

Filesize
6.9MB

Download
memory/3020-2-0x00000000047C0000-0x0000000004800000-memory.dmp

Filesize
256KB

Download
memory/3020-3-0x0000000001FB0000-0x0000000001FC0000-memory.dmp

Filesize
64KB

Download
memory/3020-4-0x0000000004560000-0x0000000004568000-memory.dmp

Filesize
32KB

Download
memory/3020-5-0x0000000004570000-0x000000000457A000-memory.dmp

Filesize
40KB

Download
memory/3020-6-0x0000000005390000-0x000000000540A000-memory.dmp

Filesize
488KB

Download
memory/3020-7-0x0000000073F90000-0x000000007467E000-memory.dmp

Filesize
6.9MB

Download