e5907a6c8519723c9c1656627790467b3388dd7d777e28467003180bf902198b | Triage

Analysis

max time kernel
138s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 23:26

Sharing

Report Analysis Logs

General

Target

NEAS.d3059205d13ceb17c5b0c32691c85820.dll
Size

3KB
MD5

d3059205d13ceb17c5b0c32691c85820
SHA1

1f4daccc14627cbce5f5c234ec3471a95bcd18f6
SHA256

e5907a6c8519723c9c1656627790467b3388dd7d777e28467003180bf902198b
SHA512

50d772cfaef26768670070ed5f18fc438f350cf3014adf5175a6bc1eabadaae6ee3b9ccba4de8435abdd1776842115dc27d98ab8c1b105b65f3ba530f576e648

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 4088	4212	rundll32.exe	15
PID 4212 wrote to memory of 4088	4212	rundll32.exe	15
PID 4212 wrote to memory of 4088	4212	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.d3059205d13ceb17c5b0c32691c85820.dll,#1
1⤵
PID:4088

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.d3059205d13ceb17c5b0c32691c85820.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads