fcaf875933ee4b6cdc7371fa27d8fb5cba1deed533ddfc656a0088ee1acb37ad

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06/10/2023, 15:45

Target

NEAS.19cd8cf8fc5133faf1e97f488c7a1b80_JC.dll
Size

963KB
MD5

19cd8cf8fc5133faf1e97f488c7a1b80
SHA1

d9d84da7042a89ef815a4e60bad90c2b889367da
SHA256

fcaf875933ee4b6cdc7371fa27d8fb5cba1deed533ddfc656a0088ee1acb37ad
SHA512

5c4edd2514eea6dd36a1029f13ea92e3fd6569f20ece03491486ea49a7803d5984074e9f7ad6e223016e7ddd488b84705cfccc24634c67ddb0926aa6e9672b63
SSDEEP

24576:q5nj0wsk7ICDqeGUKOq8SArtFJmYVaW3Nw:q5njpH7ICDqe9KOqDoUY0WG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2344	2420	rundll32.exe	28
PID 2420 wrote to memory of 2344	2420	rundll32.exe	28
PID 2420 wrote to memory of 2344	2420	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.19cd8cf8fc5133faf1e97f488c7a1b80_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2420 -s 124
  2⤵
  PID:2344