5fbc039570a2f04ef5ef266869fefb2111c9f6bce407743492c5534d985b179a

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 08:19

Target

NEAS.de5da169fc63d154c3dae26de1cda480.dll
Size

33KB
MD5

de5da169fc63d154c3dae26de1cda480
SHA1

51a7f628893c49d87fffa24ede8ddfa55d65e4f6
SHA256

5fbc039570a2f04ef5ef266869fefb2111c9f6bce407743492c5534d985b179a
SHA512

6ce7d5d0eb3bce1786bddb6f4648bb9ce4b880efe6c165e4ddb4fd37acc8a41c66a38b5a3d7dd5fa8c55eafb5ebffe1b8668a088702d6ea67798b0df2986362f
SSDEEP

384:9UZHAg+6dYJ1NwSplYAJt/Fv7fWF6/FAEhUIolvV++1nu6EDHpr/c1/NC7vyHNHw:dsSplbJhFi6tBh/gUmnTEDD7vyHNQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2140	1044	rundll32.exe	27
PID 1044 wrote to memory of 2140	1044	rundll32.exe	27
PID 1044 wrote to memory of 2140	1044	rundll32.exe	27
PID 1044 wrote to memory of 2140	1044	rundll32.exe	27
PID 1044 wrote to memory of 2140	1044	rundll32.exe	27
PID 1044 wrote to memory of 2140	1044	rundll32.exe	27
PID 1044 wrote to memory of 2140	1044	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.de5da169fc63d154c3dae26de1cda480.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.de5da169fc63d154c3dae26de1cda480.dll,#1
  2⤵
  PID:2140