9d80d51401193d9f3842dd1578f9c50fde728685c7a6c1d257ec9f135a9e2fe3

Analysis

max time kernel
65s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2023 17:52

Target

NEAS.3dacdf72f6c23887985a442b3e500dc0.dll
Size

172KB
MD5

3dacdf72f6c23887985a442b3e500dc0
SHA1

6724365d909e46efecc1a5bcfc3dd621eb25a0c1
SHA256

9d80d51401193d9f3842dd1578f9c50fde728685c7a6c1d257ec9f135a9e2fe3
SHA512

a009b77879ee6984d72834c150b19842d6b86b288d10b57024732bd52365f39dcf68115f01af31048355dfd9f4fb73bed96563bee80eb2dfac5537ac5d67f0ca
SSDEEP

3072:z7XAA0vXXGNOrw/MpcjtcKZkjXlDA5PtuO6o0BZ2gBM3/7juNyfMFS:HAAiXXHcpcBXRBO6oiZyiNyfgS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 4464	3084	rundll32.exe	85
PID 3084 wrote to memory of 4464	3084	rundll32.exe	85
PID 3084 wrote to memory of 4464	3084	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.3dacdf72f6c23887985a442b3e500dc0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.3dacdf72f6c23887985a442b3e500dc0.dll,#1
  2⤵
  PID:4464

memory/4464-0-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download