Analysis
- max time kernel: 143s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231020-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06-11-2023 01:42
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: NEAS.5e570d6b32ff73d56f710c5ab4147e10.dll
- Resource: win7-20231020-en, windows7-x64
- 2 signatures
- 150 seconds
General
- Target: NEAS.5e570d6b32ff73d56f710c5ab4147e10.dll
- Size: 1.0MB
- MD5: 5e570d6b32ff73d56f710c5ab4147e10
- SHA1: 2de75b526aaa19c5444eec5bf18e2c42a0696db8
- SHA256: ccf2b257e73da20556ae15488abb02e2c0d15b46e7036186ee6ab68ffb7c5ee7
- SHA512: 068e67c6952ba0b962eb5b378d3bf682b05a71a14ef3e3ad688a962d1da11b5611072df5e48c33a7df07719346ae86224bc8dd10f6e1872087ddf72c5552b609
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0o:jDgtfRQUHPw06MoV2nwTBlhm8A
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4780 wrote to memory of 4232 | 4780 | rundll32.exe | 82
PID 4780 wrote to memory of 4232 | 4780 | rundll32.exe | 82
PID 4780 wrote to memory of 4232 | 4780 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.5e570d6b32ff73d56f710c5ab4147e10.dll,#11
  Suspicious use of WriteProcessMemory
  PID:4780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.5e570d6b32ff73d56f710c5ab4147e10.dll,#12
  PID:4232