Analysis
- max time kernel: 136s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-05-2024 12:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8887a1397118b500e3b2982546c38710_NEAS.dll
Resource
win7-20240221-en
2 signatures
150 seconds
General
-
Target
8887a1397118b500e3b2982546c38710_NEAS.dll
-
Size
820KB
-
MD5
8887a1397118b500e3b2982546c38710
-
SHA1
8cbad0fe21d2c030d6b3b993afcb98a679f92caf
-
SHA256
3a6d635237c06523388c4fd2d324adaff5b6f98459cee975921a2250c65ce289
-
SHA512
a1f0837534b9e352d4b790bb58ce3a0f224b191aa318bfa28069d79496f3be5bb8ae5bb53bec8b41c59813b41aa9e6431f96f1e06552a56bb7f6f6acf27382b0
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYW:o6RI1Fo/wT3cJYYYYYYYYYYYYW
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1184 wrote to memory of 4956 | 1184 | rundll32.exe | 83
PID 1184 wrote to memory of 4956 | 1184 | rundll32.exe | 83
PID 1184 wrote to memory of 4956 | 1184 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8887a1397118b500e3b2982546c38710_NEAS.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1184
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8887a1397118b500e3b2982546c38710_NEAS.dll,#12
    PID:4956