325ab850d29544eab3fd36c12815ae1a5af96589081a034c31fdc85b3926532e | Triage

Analysis

max time kernel
2s
max time network
5s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22-10-2023 17:21

Sharing

Report Analysis Logs

General

Target

NEAS.76bbb5838e276fe53655ed43cf821550.dll
Size

4KB
MD5

76bbb5838e276fe53655ed43cf821550
SHA1

5b497864b0213b55d6127dc8ccc744058b5ef0b8
SHA256

325ab850d29544eab3fd36c12815ae1a5af96589081a034c31fdc85b3926532e
SHA512

0c1283223681b78b042f84682e151e0543b38522252765c2659ead6fe1d2a1dbe6aa5371b66d7f128d0bbaf7c66a728f9bcf167fd7a928441b3bcfbc282aa78d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 2260	1256	rundll32.exe	28
PID 1256 wrote to memory of 2260	1256	rundll32.exe	28
PID 1256 wrote to memory of 2260	1256	rundll32.exe	28
PID 1256 wrote to memory of 2260	1256	rundll32.exe	28
PID 1256 wrote to memory of 2260	1256	rundll32.exe	28
PID 1256 wrote to memory of 2260	1256	rundll32.exe	28
PID 1256 wrote to memory of 2260	1256	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.76bbb5838e276fe53655ed43cf821550.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.76bbb5838e276fe53655ed43cf821550.dll,#1
  2⤵
  PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads