Analysis
-
max time kernel
139s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
24-10-2023 00:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
NEAS.e5797f23767ba9dd19d64a4d00bc3cc0_JC.dll
Resource
win7-20231023-en
windows7-x64
2 signatures
150 seconds
General
-
Target
NEAS.e5797f23767ba9dd19d64a4d00bc3cc0_JC.dll
-
Size
1020KB
-
MD5
e5797f23767ba9dd19d64a4d00bc3cc0
-
SHA1
dc162945f11f8a4fe78cc71360f39d4e2221ebed
-
SHA256
60b81c1c10543f20b98e12da96cccbaaa2b69ab87fb83061406b178abd6df49c
-
SHA512
06e1feee531a7fe7132adb1589f344cda7436acc3e4711041d513b27c387243bdd803681b9d5effccdf684ad5020ffdd27e380ed0628bc41cb45f915fc992836
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY0:o6RI1Fo/wT3cJYYYYYYYYYYYY0
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1316 wrote to memory of 4712 1316 rundll32.exe 80 PID 1316 wrote to memory of 4712 1316 rundll32.exe 80 PID 1316 wrote to memory of 4712 1316 rundll32.exe 80
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.e5797f23767ba9dd19d64a4d00bc3cc0_JC.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1316 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.e5797f23767ba9dd19d64a4d00bc3cc0_JC.dll,#12⤵PID:4712
-