Analysis
max time kernel: 137s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-10-2023 21:26
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: NEAS.95fc7a2325e9878d72d68f20370de3b0.dll
Resource: win7-20230831-en (windows7-x64)
1 signatures, 150 seconds
Behavioral task
behavioral2
Sample: NEAS.95fc7a2325e9878d72d68f20370de3b0.dll
Resource: win10v2004-20231020-en (windows10-2004-x64)
1 signatures, 150 seconds
General
Target: NEAS.95fc7a2325e9878d72d68f20370de3b0.dll
Size: 341KB
MD5: 95fc7a2325e9878d72d68f20370de3b0
SHA1: 1174b6e1c2e81dcd097c17a4ad1009f6fe33ce08
SHA256: e2c5f8da89d0edbcff1f8d524b0d11eeb3cd2bb0049b93d9c7972c17a6bcea81
SHA512: 25397f2070ca97fd568c26c8dcba390910ceb114183ba163d233e492ae9ade22588cc540d4372172c6afb5f53417f49f2fb00dbcf1e578437de312859db09da7
SSDEEP: 6144:tH0C6ydaOjTLFaZ41EBLtrGh+RS7NwSv14ximM42m2LLqxx:Z0hywZKEBchqS7NwSJHqxx
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 4620 wrote to memory of 4776   4620   rundll32.exe   86
PID 4620 wrote to memory of 4776   4620   rundll32.exe   86
PID 4620 wrote to memory of 4776   4620   rundll32.exe   86
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.95fc7a2325e9878d72d68f20370de3b0.dll,#11
- Suspicious use of WriteProcessMemory
PID: 4620
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.95fc7a2325e9878d72d68f20370de3b0.dll,#12
PID: 4776