623e6b344d0680c4d584906f087f4afa3701b9c0f2acdcad8f05bdbaa49de968 | Triage

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
04-11-2023 19:59

Sharing

Report Analysis Logs

General

Target

NEAS.1e2b48bce310dac50974c05ded754ef0_JC.dll
Size

6KB
MD5

1e2b48bce310dac50974c05ded754ef0
SHA1

a2e79bc42783dfe8560408f851553a9fa8af08e3
SHA256

623e6b344d0680c4d584906f087f4afa3701b9c0f2acdcad8f05bdbaa49de968
SHA512

7a37cd6c3a5a8cf1f8e17bcbb2dcd049390fe06d21968664e01ea4a1389796b83e192bc590ca1076ff5c8489162883434be57c42d82c9064c6a82db3fbdfeb13
SSDEEP

96:z0QR9B6BvAwb28gSH2/9Kd4h+pZr0yP5Xlx:JR94/b2RSH9dN4UXlx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 2424	1008	rundll32.exe	88
PID 1008 wrote to memory of 2424	1008	rundll32.exe	88
PID 1008 wrote to memory of 2424	1008	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.1e2b48bce310dac50974c05ded754ef0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.1e2b48bce310dac50974c05ded754ef0_JC.dll,#1
  2⤵
  PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads