7f2945e0819900e3fb65b71bd75aecddc87c1289eac9f2699ad0ecfc4957cfdb | Triage

Analysis

max time kernel
113s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 13:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.081177bccfe56c3c8d484637cd64f330.dll
Size

6KB
MD5

081177bccfe56c3c8d484637cd64f330
SHA1

f35ad0dfa5697413b9621082ee15ea38fd1c1246
SHA256

7f2945e0819900e3fb65b71bd75aecddc87c1289eac9f2699ad0ecfc4957cfdb
SHA512

8f44f22cb7dfee1ceb39d4f89f31b0b058f106c283350cb4236c14a214d39e95dbe3dddc64956ef45bae0ae0636a5d7369a938d09e62171dbd2dc18eae6941fb
SSDEEP

96:hy859x0P8MaD94QfcTR4Ow53IlF2zFMveBJ0IaP:F5oLLQOC353IlF2xMveBG

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1456	3000	rundll32.exe	43
PID 3000 wrote to memory of 1456	3000	rundll32.exe	43
PID 3000 wrote to memory of 1456	3000	rundll32.exe	43

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.081177bccfe56c3c8d484637cd64f330.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.081177bccfe56c3c8d484637cd64f330.dll,#1
  2⤵
  PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads