7258f4f5272c9517e43cc0a0e54836be768c4234c91e08df320047d3aaf5207f

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.afc7de7bc6cc314480d0cf293db21f30.dll
Size

444KB
MD5

afc7de7bc6cc314480d0cf293db21f30
SHA1

2352758a583356201daf259ada1885846a90f23d
SHA256

7258f4f5272c9517e43cc0a0e54836be768c4234c91e08df320047d3aaf5207f
SHA512

55dd8decaec7adada8481ea5d0af5d704134f0f8d31277e5b7b66fc0e7dc4e75f6cfc718ac85b0184573b53e998c3360878eb5b7c2056d6ae22b1bf344303ff3
SSDEEP

12288:yehnaNPpSVZmNxRCwnwm3W3OHIIf5YZgh:yeh0PpS6NxNnwYeOHXiZgh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2664	rundll32mgr.exe

Loads dropped DLL 9 IoCs

pid	Process
2584	rundll32.exe
2584	rundll32.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe
2600	WerFault.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2600	2664	WerFault.exe	29

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2584	2964	rundll32.exe	28
PID 2964 wrote to memory of 2584	2964	rundll32.exe	28
PID 2964 wrote to memory of 2584	2964	rundll32.exe	28
PID 2964 wrote to memory of 2584	2964	rundll32.exe	28
PID 2964 wrote to memory of 2584	2964	rundll32.exe	28
PID 2964 wrote to memory of 2584	2964	rundll32.exe	28
PID 2964 wrote to memory of 2584	2964	rundll32.exe	28
PID 2584 wrote to memory of 2664	2584	rundll32.exe	29
PID 2584 wrote to memory of 2664	2584	rundll32.exe	29
PID 2584 wrote to memory of 2664	2584	rundll32.exe	29
PID 2584 wrote to memory of 2664	2584	rundll32.exe	29
PID 2664 wrote to memory of 2600	2664	rundll32mgr.exe	30
PID 2664 wrote to memory of 2600	2664	rundll32mgr.exe	30
PID 2664 wrote to memory of 2600	2664	rundll32mgr.exe	30
PID 2664 wrote to memory of 2600	2664	rundll32mgr.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.afc7de7bc6cc314480d0cf293db21f30.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.afc7de7bc6cc314480d0cf293db21f30.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 92
      4⤵
      Loads dropped DLL
      Program crash
      PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
\Windows\SysWOW64\rundll32mgr.exe

Filesize
61KB

MD5
45133e7aee2b4329d31c6572d930f4f3

SHA1
8a679213c6b1824fe8de490b54d31976e43c955a

SHA256
d02d09b8b8b7866ca60c192c7c8aaaa09741113698ed2471e2ce757bf0afc910

SHA512
bb75bcc6e5b23e4be9b157eb87798d014d55f57cdfa03eff444a953c43e5c8fa70e9fd3d589a44f2dc1d50762bc1118eb75f74f627b7ab394dbb0ae6dafc6324

Download Submit
memory/2584-0-0x0000000010000000-0x0000000010071000-memory.dmp

Filesize
452KB

Download
memory/2584-2-0x0000000010000000-0x0000000010071000-memory.dmp

Filesize
452KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads