22a940429083682bfa97147936fa88e40c38f265c800b0e85cfb2cd4eb262519

Analysis

max time kernel
150s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:13

Target

NEAS.3f2cccf2ef533f48478deed3e0d029a0.dll
Size

4KB
MD5

3f2cccf2ef533f48478deed3e0d029a0
SHA1

a3568119e1c0c61f3988213e64b0b7bc5c7ebc58
SHA256

22a940429083682bfa97147936fa88e40c38f265c800b0e85cfb2cd4eb262519
SHA512

7b4dc12b84ff427d50024ccee08947ab81c814ad20e43d8413f15aa79127f768e8d5540beaa8e919b982ce195f2e0fd3e9cda425143b6568b6da3230130b7e41
SSDEEP

48:SWkO0IoyTnXz+ihZjokLy60oTxVEUs9gvV7AwvT4dXXnM:ZJTnXzvokLyBotVE9myAyXc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 4844	2152	rundll32.exe	21
PID 2152 wrote to memory of 4844	2152	rundll32.exe	21
PID 2152 wrote to memory of 4844	2152	rundll32.exe	21

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.3f2cccf2ef533f48478deed3e0d029a0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.3f2cccf2ef533f48478deed3e0d029a0.dll,#1
  2⤵
  PID:4844