905ac5dc28522ad9c85bce60f65bf83a8609a7a50a371c39a424d3ff6046d29e | Triage

Analysis

max time kernel
152s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 17:57

Sharing

Report Analysis Logs

General

Target

NEAS.6791d54f38f1a2838eceac3884c61da0.dll
Size

6KB
MD5

6791d54f38f1a2838eceac3884c61da0
SHA1

da4ba51c9cf56f91cfc11ada4cca01c7e1f1a354
SHA256

905ac5dc28522ad9c85bce60f65bf83a8609a7a50a371c39a424d3ff6046d29e
SHA512

36554585af86a375712371c48948ae1c23ff48e9183e1cec62af2cf54ddb2b10ebd1a655bca8a9b62ec0fb41c7eb16cc0dea8092fead3d1231c212ec936c339a
SSDEEP

48:6DOdd5YVOiFVE/y/sqwokyJyi0HB+BDq9J5S9:piFVE/y6okJTB+FqX5S9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2424	2180	rundll32.exe	85
PID 2180 wrote to memory of 2424	2180	rundll32.exe	85
PID 2180 wrote to memory of 2424	2180	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.6791d54f38f1a2838eceac3884c61da0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.6791d54f38f1a2838eceac3884c61da0.dll,#1
  2⤵
  PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads