6fb3b7271e4813b59ba2420fbc0d75100a199d44a7b5febe0e06bb87be62942b | Triage

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:29

Sharing

Report Analysis Logs

General

Target

NEAS.d6c0f08cec16d4251dce0f1de05bc650.dll
Size

3KB
MD5

d6c0f08cec16d4251dce0f1de05bc650
SHA1

eb3a96a2b1e5b69312475daa6f1906341e6cb741
SHA256

6fb3b7271e4813b59ba2420fbc0d75100a199d44a7b5febe0e06bb87be62942b
SHA512

6f9c2c9830c08a076b52a058a7078c61fc74b5a9faa1f3f78ababbba336058e6cf839c7d9b1eeba338ffc86aaf26d8439cd54220497b1e95e42011f3c4ec2cf3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 5044	4476	rundll32.exe	87
PID 4476 wrote to memory of 5044	4476	rundll32.exe	87
PID 4476 wrote to memory of 5044	4476	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.d6c0f08cec16d4251dce0f1de05bc650.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.d6c0f08cec16d4251dce0f1de05bc650.dll,#1
  2⤵
  PID:5044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads