0504c50c953d2ec2e0c08b3c5cae79b4b2813b56c674ec739b0a36c10c696260 | Triage

Analysis

max time kernel
127s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:16

Sharing

Report Analysis Logs

General

Target

NEAS.305a8a606dd28d8f6ffd35b8fc43f700.dll
Size

5KB
MD5

305a8a606dd28d8f6ffd35b8fc43f700
SHA1

78312d7031de747dabada50dc0bbc3ed0f97949a
SHA256

0504c50c953d2ec2e0c08b3c5cae79b4b2813b56c674ec739b0a36c10c696260
SHA512

4ed9bc7478b0cc04f9af77cacbd091add51b4beba6b2c5dd3eab1da2a42965e7616422020a089debfeae9ae00adb592c6f2df44f6b3e49bf9c33a8b8869097da
SSDEEP

96:hy859x0P8MaK2/FC/Bcovonf+SG/TG2Kc:F5oL52/FC/Bcovonf+SSTG2Kc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 392	220	rundll32.exe	88
PID 220 wrote to memory of 392	220	rundll32.exe	88
PID 220 wrote to memory of 392	220	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.305a8a606dd28d8f6ffd35b8fc43f700.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.305a8a606dd28d8f6ffd35b8fc43f700.dll,#1
  2⤵
  PID:392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads