4b863926232ee4bfb3079f021e6f2feeb6b7cef7896d7b7ddde7cddb838fcf49

Analysis

max time kernel
173s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 17:57

Target

NEAS.629080ec42542e9741ec7484b3d46d80.dll
Size

337KB
MD5

629080ec42542e9741ec7484b3d46d80
SHA1

7b4b9ae96e1f8e7dbc0243030e1359eeda4bdf42
SHA256

4b863926232ee4bfb3079f021e6f2feeb6b7cef7896d7b7ddde7cddb838fcf49
SHA512

b24c76eb923d59c782871c109442c1189520f5700c01c80d2bf6d8bfdaa9aca276ef249be3fe8a7bdea657d82c18dbbe9193ff861a76ffd45ba1d5dfcc59c5b4
SSDEEP

6144:l7oTcPiSmOfj9/th+SyFDnUBCovM3ZSqrO+zkiddBnU/o2O5LiqS4Y+QPKIN7P:toeiSVlzRyleVvYTOHizBUATU4FIN7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 4808	4668	rundll32.exe	85
PID 4668 wrote to memory of 4808	4668	rundll32.exe	85
PID 4668 wrote to memory of 4808	4668	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.629080ec42542e9741ec7484b3d46d80.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.629080ec42542e9741ec7484b3d46d80.dll,#1
  2⤵
  PID:4808