b0dff5d0bce5d4247bb07a763f050ea56901a69dbaefc4e2cf05383682692714 | Triage

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 15:27

Sharing

Report Analysis Logs

General

Target

cad694bb11c1e39f636b617f50f6ccd0_NEAS.dll
Size

3KB
MD5

cad694bb11c1e39f636b617f50f6ccd0
SHA1

b914dcd99684ae1692c05e56dc66f208a91d015b
SHA256

b0dff5d0bce5d4247bb07a763f050ea56901a69dbaefc4e2cf05383682692714
SHA512

7e7ee740ea905afce46310948997814b6af6027372ebd389434a1198a6d63cca3610b7d081535f1550bb125c26841621916f69300e53f8e91f3a44c65e6d360a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 1388	4292	rundll32.exe	90
PID 4292 wrote to memory of 1388	4292	rundll32.exe	90
PID 4292 wrote to memory of 1388	4292	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cad694bb11c1e39f636b617f50f6ccd0_NEAS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cad694bb11c1e39f636b617f50f6ccd0_NEAS.dll,#1
  2⤵
  PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads