2b44fbe9b32f3f800ebd7362857a1da4e93c6ccbc93ff03274bc964c0dc8041f | Triage

Analysis

max time kernel
119s
max time network
138s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 18:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.886470703e30b767d43511ada7879300.dll
Size

3KB
MD5

886470703e30b767d43511ada7879300
SHA1

566dbc5cc1c7aa8fc5c596630c6b73dd113e4571
SHA256

2b44fbe9b32f3f800ebd7362857a1da4e93c6ccbc93ff03274bc964c0dc8041f
SHA512

f9e8a53a3d19bdec9f6dad55ede1b52741db95b4ed4a172ff63138e45200b0b8f0669390fb7bea411f72e34bb05c1ff4b390c1e5b50fadd6d58ab387e5557d23

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2316	2128	rundll32.exe	28
PID 2128 wrote to memory of 2316	2128	rundll32.exe	28
PID 2128 wrote to memory of 2316	2128	rundll32.exe	28
PID 2128 wrote to memory of 2316	2128	rundll32.exe	28
PID 2128 wrote to memory of 2316	2128	rundll32.exe	28
PID 2128 wrote to memory of 2316	2128	rundll32.exe	28
PID 2128 wrote to memory of 2316	2128	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.886470703e30b767d43511ada7879300.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.886470703e30b767d43511ada7879300.dll,#1
  2⤵
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads