bde5de2a4690f170082326c247a4c2edda82dc2a59c02f4b712fb8ae04460411 | Triage

Analysis

max time kernel
130s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 11:26

Sharing

Report Analysis Logs

General

Target

591df0a8fc4b3d1e308690b97a775660_NEAS.dll
Size

6KB
MD5

591df0a8fc4b3d1e308690b97a775660
SHA1

ae78e0d3e059fe3bc300a956b5571f51aa8178c7
SHA256

bde5de2a4690f170082326c247a4c2edda82dc2a59c02f4b712fb8ae04460411
SHA512

c80ab8c922eef507529a02d87cfffb075cee8b4ce96da81cc7d3c1dbfa51bceece5ab60a2614b225d43970f184da081f114bc27c09d9354954ddccaa63b410fa
SSDEEP

96:hy859x0P8MaKq/MtL7gY5N2jLxQXxxPnVI3Dg6MYw2:F5oLFPJ5NqQzwgn2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2016	3016	rundll32.exe	83
PID 3016 wrote to memory of 2016	3016	rundll32.exe	83
PID 3016 wrote to memory of 2016	3016	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\591df0a8fc4b3d1e308690b97a775660_NEAS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\591df0a8fc4b3d1e308690b97a775660_NEAS.dll,#1
  2⤵
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads