Analysis
- max time kernel: 141s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231023-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/10/2023, 19:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
NEAS.6414ed162055cb8e2ad7930ee1a89b60.dll
Resource
win7-20231023-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
NEAS.6414ed162055cb8e2ad7930ee1a89b60.dll
Resource
win10v2004-20231023-en
1 signatures
150 seconds
General
- Target: NEAS.6414ed162055cb8e2ad7930ee1a89b60.dll
- Size: 585KB
- MD5: 6414ed162055cb8e2ad7930ee1a89b60
- SHA1: 094ada97e3eaa58090b62715833b7626474eceae
- SHA256: 7d43e79a7f2f4ba1d4dafa499c0413b0a12b16f8c18015c1b85fb0bd44e22fbd
- SHA512: aa93ee094fa2c3e9d55811b2d4978835d2bff584916c8e0c784b5a1ca317fb9f8b94a2199f389cc38064066e529d9664359df66ab8afb8d118008841ef7207e3
- SSDEEP: 6144:j88UYYb/KpBEz6sRqE+TNhmUT03Q4kfryqF6mLUoGS:gYYb/KpBY6VNh703ix8mTGS
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1740 wrote to memory of 4700 | 1740 | rundll32.exe | 85
  PID 1740 wrote to memory of 4700 | 1740 | rundll32.exe | 85
  PID 1740 wrote to memory of 4700 | 1740 | rundll32.exe | 85
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.6414ed162055cb8e2ad7930ee1a89b60.dll,#11
  Suspicious use of WriteProcessMemory
  PID:1740
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.6414ed162055cb8e2ad7930ee1a89b60.dll,#12
    PID:4700