1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3

Analysis

max time kernel
96s
max time network
48s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 08:52

Target

NEAS.1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3dll_JC.dll
Size

102KB
MD5

ed15379ed0c9f2e2cc0c105fc8f08896
SHA1

eb19214f7242ffa308fb1366f619a6293ab5c2e9
SHA256

1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3
SHA512

9c3563fc4f16b124053d21937aabb0be32deda3c673ea04505df662d972352b62ea7488f3d0177d8cc868e9cdda49b298db6ac589a71799025f8bcedd5e70fcd
SSDEEP

3072:+rU7xUICZ+FOIm2Kosm72uQR6wQr77xUZYNS60Z:uEFhgYsS2uQRevNS60Z

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2656 wrote to memory of 2788	2656	rundll32.exe	rundll32.exe
PID 2656 wrote to memory of 2788	2656	rundll32.exe	rundll32.exe
PID 2656 wrote to memory of 2788	2656	rundll32.exe	rundll32.exe
PID 2656 wrote to memory of 2788	2656	rundll32.exe	rundll32.exe
PID 2656 wrote to memory of 2788	2656	rundll32.exe	rundll32.exe
PID 2656 wrote to memory of 2788	2656	rundll32.exe	rundll32.exe
PID 2656 wrote to memory of 2788	2656	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3dll_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3dll_JC.dll,#1
2⤵
PID:2788