Analysis
max time kernel: 96s
max time network: 48s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 14-10-2023 08:52
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3dll_JC.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: NEAS.1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3dll_JC.dll
Resource: win10v2004-20230915-en
General
Target: NEAS.1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3dll_JC.dll
Size: 102KB
MD5: ed15379ed0c9f2e2cc0c105fc8f08896
SHA1: eb19214f7242ffa308fb1366f619a6293ab5c2e9
SHA256: 1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3
SHA512: 9c3563fc4f16b124053d21937aabb0be32deda3c673ea04505df662d972352b62ea7488f3d0177d8cc868e9cdda49b298db6ac589a71799025f8bcedd5e70fcd
SSDEEP: 3072:+rU7xUICZ+FOIm2Kosm72uQR6wQr77xUZYNS60Z:uEFhgYsS2uQRevNS60Z
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2656 wrote to memory of 2788 | 2656 | rundll32.exe | rundll32.exe
PID 2656 wrote to memory of 2788 | 2656 | rundll32.exe | rundll32.exe
PID 2656 wrote to memory of 2788 | 2656 | rundll32.exe | rundll32.exe
PID 2656 wrote to memory of 2788 | 2656 | rundll32.exe | rundll32.exe
PID 2656 wrote to memory of 2788 | 2656 | rundll32.exe | rundll32.exe
PID 2656 wrote to memory of 2788 | 2656 | rundll32.exe | rundll32.exe
PID 2656 wrote to memory of 2788 | 2656 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3dll_JC.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2656
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3dll_JC.dll,#1
    PID: 2788