54b59dee345a45b7041e550a95162c144023353e16125643d829918abcb033cb | Triage

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 04:04

Sharing

Report Analysis Logs

General

Target

NEAS.2c1ccbf65d91ada621634af6a97ba350.dll
Size

192KB
MD5

2c1ccbf65d91ada621634af6a97ba350
SHA1

c37e383300343aac273ed37ab10c4209a13e8eae
SHA256

54b59dee345a45b7041e550a95162c144023353e16125643d829918abcb033cb
SHA512

9b76468f3bb77a1b5415a4396197713505d8947e05a3f4c7d481c95769a1c51ddd8b7d022a03b38ccedbadeb37e64d6e93910d968a6ad73c63c5df50c4f5a513
SSDEEP

3072:480J8IMILmCa3yx6oFEdgVXnFtkVEFAgfxm3:4okmCaiEoFEd+F6Sxm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1200	2256	rundll32.exe	28
PID 2256 wrote to memory of 1200	2256	rundll32.exe	28
PID 2256 wrote to memory of 1200	2256	rundll32.exe	28
PID 2256 wrote to memory of 1200	2256	rundll32.exe	28
PID 2256 wrote to memory of 1200	2256	rundll32.exe	28
PID 2256 wrote to memory of 1200	2256	rundll32.exe	28
PID 2256 wrote to memory of 1200	2256	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.2c1ccbf65d91ada621634af6a97ba350.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.2c1ccbf65d91ada621634af6a97ba350.dll,#1
  2⤵
  PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads