2076eac290f3b36574ab56a166407495678651eb66eee7580fd445d86dcd7dcf | Triage

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.24bf05c39e7faabc071ca0c9c2bee770.dll
Size

3KB
MD5

24bf05c39e7faabc071ca0c9c2bee770
SHA1

ad35f56eae2dadfac1f27fae6d7a60ba77d3c081
SHA256

2076eac290f3b36574ab56a166407495678651eb66eee7580fd445d86dcd7dcf
SHA512

0a43b92095bc11be0456201de649e89817f5ced22a679432d3062c5eb62c9b3f10c41988ab01b033a498ccb1652b5cf2ef39d5e9a7012e35b7862031754b07ee

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 4780	1584	rundll32.exe	84
PID 1584 wrote to memory of 4780	1584	rundll32.exe	84
PID 1584 wrote to memory of 4780	1584	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.24bf05c39e7faabc071ca0c9c2bee770.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.24bf05c39e7faabc071ca0c9c2bee770.dll,#1
  2⤵
  PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads