Analysis
max time kernel: 153s
max time network: 173s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
submitted: 11-10-2023 17:40
Static task
static1: 1 signatures
Behavioral task
behavioral1: Sample NEAS.189b1c539080b979f5c5afbd65fc2940_JC.dll; Resource win7-20230831-en (windows7-x64); 2 signatures; 150 seconds
General
Target: NEAS.189b1c539080b979f5c5afbd65fc2940_JC.dll
Size: 670KB
MD5: 189b1c539080b979f5c5afbd65fc2940
SHA1: b5a3252ac8454d22855376c0f479763eea539f3f
SHA256: bec544636e477bab30a62d401557985642ca3f757c73e481458ac9f7a2e98236
SHA512: 59b612878c5e23e1147996c613ed76488dd4dec051456df4e292f0ddcdc84864152bd08d634d9cd78825f09f526da4f91350b163dff6df99935a42729c91dfa3
SSDEEP: 6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY7:o6RI1Fo/wT3cJYYYYYYYYYYYY7
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1644 wrote to memory of 4764 | 1644 | rundll32.exe | 85
PID 1644 wrote to memory of 4764 | 1644 | rundll32.exe | 85
PID 1644 wrote to memory of 4764 | 1644 | rundll32.exe | 85
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.189b1c539080b979f5c5afbd65fc2940_JC.dll,#11
- Suspicious use of WriteProcessMemory
PID:1644
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.189b1c539080b979f5c5afbd65fc2940_JC.dll,#12
PID:4764