Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
21-10-2023 21:15
General
-
Target
NEAS.29319ae6af95a8e682b7ef5a7e655e90.dll
-
Size
6.1MB
-
MD5
29319ae6af95a8e682b7ef5a7e655e90
-
SHA1
4e99e1051948f5fe3bc2d4127d869db8be8ccdf8
-
SHA256
0c9a0701b4587ad60efd13261159ccf7459aa91326c5398f6b996736ef4fd5ba
-
SHA512
b5e63ca818ec02e39f1898f97df47157ccbe154a74cb530a7b35d4c141adeea4ac4124ad7553b1e90bed2446054a566dc60ae4cb97653c5512ffb65216993638
-
SSDEEP
196608:Sa+SfViblUHpgam3w2+wQtnKyFSTtmOZ3lzPj:Sa+SWlUHpe3w2Qk1T4Y1zP
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 27 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.29319ae6af95a8e682b7ef5a7e655e90.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.29319ae6af95a8e682b7ef5a7e655e90.dll,#12⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.5MB
-
Filesize
392KB