Analysis
max time kernel: 142s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231025-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231025-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-11-2023 12:05
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
NEAS.91b53260b6ade2e618b2fdcccb2062f0.dll
Resource
win7-20231020-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
NEAS.91b53260b6ade2e618b2fdcccb2062f0.dll
Resource
win10v2004-20231025-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: NEAS.91b53260b6ade2e618b2fdcccb2062f0.dll
Size: 264KB
MD5: 91b53260b6ade2e618b2fdcccb2062f0
SHA1: c31b36facbfc5c271f99bef8cae0fa318214c3e0
SHA256: 29318f9b545c749f3514a2b375578dd0f6b45f620f586b1315491d8ddb25c76f
SHA512: 178bc54a029856fadbad37095894a451ff58ac00752a234fa09f9fcaf20c045dee201493d49c6defe506b0985df517a81c75b94c5a9b667532165c0513bb1c44
SSDEEP: 3072:Xp+BAJm7E5V8WMzqQd4632gSJAYJIEblj7Vk3W+zBXX1sOK6U8:Z+BGm7quZzqQdL2gSNj7VKhsOK6
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4676 wrote to memory of 1320 | 4676 | rundll32.exe | 16
PID 4676 wrote to memory of 1320 | 4676 | rundll32.exe | 16
PID 4676 wrote to memory of 1320 | 4676 | rundll32.exe | 16
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.91b53260b6ade2e618b2fdcccb2062f0.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4676
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.91b53260b6ade2e618b2fdcccb2062f0.dll,#12⤵ PID:1320