Analysis
- max time kernel: 142s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20231020-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-10-2023 21:14
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
NEAS.14c43ccbe5cd08a3287bda6bf7ca61f0.dll
Resource
win7-20231020-en
2 signatures
150 seconds
General
- Target: NEAS.14c43ccbe5cd08a3287bda6bf7ca61f0.dll
- Size: 1019KB
- MD5: 14c43ccbe5cd08a3287bda6bf7ca61f0
- SHA1: 9fd766ed3eb9b40605eb0a6f245a1cb3e20a26f5
- SHA256: 886f8852d035b0512200b37a8747aff7345c4ab3ba8b1ee9ca72203f4b3bb903
- SHA512: ebdaef86657cf68350f4d74b4b6b1e3a95a087ad152d05392efeafc3707a730bba6d8363dd9ae4e7dbe036d115b82dac78fa9afa4576721e1d680d62a3323377
- SSDEEP: 6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY4:o6RI1Fo/wT3cJYYYYYYYYYYYY4
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4256 wrote to memory of 2676 | 4256 | rundll32.exe | rundll32.exe
  PID 4256 wrote to memory of 2676 | 4256 | rundll32.exe | rundll32.exe
  PID 4256 wrote to memory of 2676 | 4256 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.14c43ccbe5cd08a3287bda6bf7ca61f0.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.14c43ccbe5cd08a3287bda6bf7ca61f0.dll,#12