ad6a8b5fc0be3aff3eb89d6e3f4917529feb8235a61c463ec4aaa1f8d977939b | Triage

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:15

Sharing

Report Analysis Logs

General

Target

NEAS.207b086e3fde94fa41cee9d2eb3082e0.dll
Size

7KB
MD5

207b086e3fde94fa41cee9d2eb3082e0
SHA1

02fcb52b2234364ef3d7483f388a53cf23dc33ee
SHA256

ad6a8b5fc0be3aff3eb89d6e3f4917529feb8235a61c463ec4aaa1f8d977939b
SHA512

506d6f8755eec5f8373fb05d5235dc641b700321eab55d6b171a691e852fff9b7b836bfdb697821b91344b2e45774351f9e1c8910fd86060b3a44f3c4620f00f
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIeR0JyuUzgEQhz0+n:unSR6bgY9R0Jy7zgEQhz0+n

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 2320	4976	rundll32.exe	48
PID 4976 wrote to memory of 2320	4976	rundll32.exe	48
PID 4976 wrote to memory of 2320	4976	rundll32.exe	48

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.207b086e3fde94fa41cee9d2eb3082e0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.207b086e3fde94fa41cee9d2eb3082e0.dll,#1
  2⤵
  PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads