d187e203ce084abfc5615a0ea6dd0892d974081862944948e8ccedc93e611404 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 04:00

Sharing

Report Analysis Logs

General

Target

616ee2b75f271cfd5640429269ba55c0_NEAS.dll
Size

115KB
MD5

616ee2b75f271cfd5640429269ba55c0
SHA1

e2b44fabad6f9dc4fc82bdce78f2bbca8c50ff71
SHA256

d187e203ce084abfc5615a0ea6dd0892d974081862944948e8ccedc93e611404
SHA512

1694dd5042de3a2f0c834f3905218d5ef3e86d16d645128d60b9219a963f9b9889d940822899a2f4c74dd23eb4191b1af3c606dff2580936cb65313fd6306c99
SSDEEP

3072:GbeyWV4SRGjKLLN0zFLFZaCppgW477tY3z:GweSRG2uLFkCpp7474

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\616ee2b75f271cfd5640429269ba55c0_NEAS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\616ee2b75f271cfd5640429269ba55c0_NEAS.dll,#1
  2⤵
  PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2124-0-0x0000000010000000-0x0000000010038000-memory.dmp

Filesize
224KB

Download
memory/2124-1-0x0000000010000000-0x0000000010038000-memory.dmp

Filesize
224KB

Download