24b1eac51a802d7c45fbb4f8f2a9b75b49f8b80e73828073d99c434aad1f9cce | Triage

Analysis

max time kernel
86s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 06:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ca7f905ccb9711483cfe85483c8428f0_JC.dll
Size

3KB
MD5

ca7f905ccb9711483cfe85483c8428f0
SHA1

4b6b1cee57b80531c1ee23d2a3fbad8670879eea
SHA256

24b1eac51a802d7c45fbb4f8f2a9b75b49f8b80e73828073d99c434aad1f9cce
SHA512

cea528f81d085ff8d25f4ccfeac2ed415b71eb0a4828198bf24c01b1175240c0741491ab38031657996412524a171ade052200f6ca69bfdda34db3f2ea4e7d35

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2520	2836	rundll32.exe	29
PID 2836 wrote to memory of 2520	2836	rundll32.exe	29
PID 2836 wrote to memory of 2520	2836	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.ca7f905ccb9711483cfe85483c8428f0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.ca7f905ccb9711483cfe85483c8428f0_JC.dll,#1
  2⤵
  PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads