f53cafe0070e47ebdd46b109916bcd499eba7a0d5c1d3cdd303d5941dabb34fe | Triage

Analysis

max time kernel
117s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:37

Sharing

Report Analysis Logs

General

Target

NEAS.f40e69e8c508bd235f9fa4bb1821a850.dll
Size

3KB
MD5

f40e69e8c508bd235f9fa4bb1821a850
SHA1

4d20dbe7c7d211185e6cf37420ffc494b05729ff
SHA256

f53cafe0070e47ebdd46b109916bcd499eba7a0d5c1d3cdd303d5941dabb34fe
SHA512

4ca3360f3886d2b49fb198f8524b95375de86ef3a1bd4098f1d7eec8056fe9e8d9a6e8ad6cf10c2dc9bcdbecea1c7cdecd0a07e0c7fbf1cca99f6149c3498b47

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 4224	2512	rundll32.exe	82
PID 2512 wrote to memory of 4224	2512	rundll32.exe	82
PID 2512 wrote to memory of 4224	2512	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.f40e69e8c508bd235f9fa4bb1821a850.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.f40e69e8c508bd235f9fa4bb1821a850.dll,#1
  2⤵
  PID:4224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads