e5907a6c8519723c9c1656627790467b3388dd7d777e28467003180bf902198b | Triage

Analysis

max time kernel
118s
max time network
145s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
12/11/2023, 23:26

Sharing

Report Analysis Logs

General

Target

NEAS.d3059205d13ceb17c5b0c32691c85820.dll
Size

3KB
MD5

d3059205d13ceb17c5b0c32691c85820
SHA1

1f4daccc14627cbce5f5c234ec3471a95bcd18f6
SHA256

e5907a6c8519723c9c1656627790467b3388dd7d777e28467003180bf902198b
SHA512

50d772cfaef26768670070ed5f18fc438f350cf3014adf5175a6bc1eabadaae6ee3b9ccba4de8435abdd1776842115dc27d98ab8c1b105b65f3ba530f576e648

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2832	2644	rundll32.exe	17
PID 2644 wrote to memory of 2832	2644	rundll32.exe	17
PID 2644 wrote to memory of 2832	2644	rundll32.exe	17
PID 2644 wrote to memory of 2832	2644	rundll32.exe	17
PID 2644 wrote to memory of 2832	2644	rundll32.exe	17
PID 2644 wrote to memory of 2832	2644	rundll32.exe	17
PID 2644 wrote to memory of 2832	2644	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.d3059205d13ceb17c5b0c32691c85820.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.d3059205d13ceb17c5b0c32691c85820.dll,#1
  2⤵
  PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads