1b72e3e655af54a063fb5dbb918ea57d03fc9c21016bc5ba3149a0db04bcd947 | Triage

Analysis

max time kernel
138s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2023, 13:29

Sharing

Report Analysis Logs

General

Target

NEAS.007dabad97fefa0a7b4764ff504b0690.dll
Size

209KB
MD5

007dabad97fefa0a7b4764ff504b0690
SHA1

57181c473267716b8169f904c9e72ca9867d3636
SHA256

1b72e3e655af54a063fb5dbb918ea57d03fc9c21016bc5ba3149a0db04bcd947
SHA512

95d9e04c7ad4cd583977b446d5e6ddcbca4dd4ed8ad6ced90d579914dc7ccfd2c88d7112a9f41b8287da784fc4c46420bd91473a4623b410c7c5cd97b23daecb
SSDEEP

6144:U/TBIJyrwflI4ESv+1EJb6nI7TYn0FOJR9:U/1Iaw9IFSZ6/08Jb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 3100	1728	rundll32.exe	83
PID 1728 wrote to memory of 3100	1728	rundll32.exe	83
PID 1728 wrote to memory of 3100	1728	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.007dabad97fefa0a7b4764ff504b0690.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.007dabad97fefa0a7b4764ff504b0690.dll,#1
  2⤵
  PID:3100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3100-0-0x0000000067600000-0x0000000067637000-memory.dmp

Filesize
220KB

Download