Analysis

  • max time kernel
    129s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/05/2024, 01:23

General

  • Target

    456f1c7609e7f7636c16fffd76d648b0_NEAS.dll

  • Size

    8KB

  • MD5

    456f1c7609e7f7636c16fffd76d648b0

  • SHA1

    75cefde50a7a34cfb990f7254fe60aa12c5aea68

  • SHA256

    32ec0563096d7726c2b8613b091d3deaa710c60d5dc7114cd99f8dd4a0a3f590

  • SHA512

    f9db1cdd5e57fd7fa6254b0722b555fe69d2ed86a4105b6673c9fcb31743e80d603e226444132f71fded590fadf911d7ca246934d96ce58d368d060eefaa766b

  • SSDEEP

    192:ih4SFyvWohE5xf6YUBSL63SUJqtMblWN:iO+ohE2B13NJqtM

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\456f1c7609e7f7636c16fffd76d648b0_NEAS.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4236
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\456f1c7609e7f7636c16fffd76d648b0_NEAS.dll,#1
      2⤵
      • Adds Run key to start application
      • Drops file in System32 directory
      PID:1704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1704-0-0x0000000010000000-0x000000001000D000-memory.dmp

    Filesize

    52KB