98570f40739af17f0239062c40dc7c1c5d759b1a4ac4d3816632e70e2e5084f6 | Triage

Analysis

max time kernel
122s
max time network
140s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 18:15

Sharing

Report Analysis Logs

General

Target

NEAS.682d3a91cfb44fd7cfeb38e66b461a50_JC.dll
Size

96KB
MD5

682d3a91cfb44fd7cfeb38e66b461a50
SHA1

71e5d06ce41c28b0ba5c49827da720cbf4c33153
SHA256

98570f40739af17f0239062c40dc7c1c5d759b1a4ac4d3816632e70e2e5084f6
SHA512

b5d446c28ae6c9de23c16a6cfc69aa5d0123989553429dfb55643dbea7c6edd04eaea1ac47140a71dd3578c3e9b5a353a67e84b0254c9952f13ae6a0b279f667
SSDEEP

1536:SAJtv/ZEQQV1lQvq1R8UXgQCAHI8KopXX+fU5h9:SC/6bH6vMOM5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2212	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2212	2224	rundll32.exe	28
PID 2224 wrote to memory of 2212	2224	rundll32.exe	28
PID 2224 wrote to memory of 2212	2224	rundll32.exe	28
PID 2224 wrote to memory of 2212	2224	rundll32.exe	28
PID 2224 wrote to memory of 2212	2224	rundll32.exe	28
PID 2224 wrote to memory of 2212	2224	rundll32.exe	28
PID 2224 wrote to memory of 2212	2224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.682d3a91cfb44fd7cfeb38e66b461a50_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.682d3a91cfb44fd7cfeb38e66b461a50_JC.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads