Analysis
-
max time kernel
145s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
13-10-2023 20:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
NEAS.9664e12fa47c1343e869f47ed6016520.dll
Resource
win7-20230831-en
windows7-x64
2 signatures
150 seconds
General
-
Target
NEAS.9664e12fa47c1343e869f47ed6016520.dll
-
Size
721KB
-
MD5
9664e12fa47c1343e869f47ed6016520
-
SHA1
2cccbb9feb628f00f822106992cd67a378528dbf
-
SHA256
27f2ca99bb8d0c16ec5fdcd954512275fa4a9746ab4880fbf7239b7a31728885
-
SHA512
f9c5b396e65379344808908280411b66a61a3f3b1b7c52bac66eda86cefb39782e430291c91cdd78c69ed951788a4e2abd25ba0f926c9463bc36366792f96e11
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYc:o6RI1Fo/wT3cJYYYYYYYYYYYYc
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3628 wrote to memory of 1812 3628 rundll32.exe 85 PID 3628 wrote to memory of 1812 3628 rundll32.exe 85 PID 3628 wrote to memory of 1812 3628 rundll32.exe 85
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.9664e12fa47c1343e869f47ed6016520.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3628 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.9664e12fa47c1343e869f47ed6016520.dll,#12⤵PID:1812
-