Analysis
-
max time kernel
191s -
max time network
199s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
21-10-2023 21:29
General
-
Target
NEAS.b3f2134f96f805f0689064040af619f0.dll
-
Size
71KB
-
MD5
b3f2134f96f805f0689064040af619f0
-
SHA1
457c1a5b44efa85d83a274338587b3111f92a700
-
SHA256
be435e68230b757d9af29b505491ac9e690c9755e08e2bd6310059bc333436d2
-
SHA512
d6dcc502b75e607a5efe245d88abe63cda41bb6025780b66f0cbf7c637ea0afed22dd61e188f788a0d238fc924037b7fdf1b43c342ba39503b32400b780d6f27
-
SSDEEP
768:pdGvJuh5Zve0szqVzvM+SzdGHGv8x7NjoUIjCmca9Fuhcm19IGuVlugWIuzjL3dv:pchqZGzEMhMt+0a9ghrY2jR/oxq
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.b3f2134f96f805f0689064040af619f0.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.b3f2134f96f805f0689064040af619f0.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 6283⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 6283⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1140 -ip 11401⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
88KB