5cf64a84c0580afdca98f9002269354eba713b3036ddfb43c4faa019325f62a7

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 19:10

Target

NEAS.bb7ae5299962936d2a595aa1b042e010.dll
Size

100KB
MD5

bb7ae5299962936d2a595aa1b042e010
SHA1

549539747b299444b8cf62f3984ec6aea0228882
SHA256

5cf64a84c0580afdca98f9002269354eba713b3036ddfb43c4faa019325f62a7
SHA512

edb19b82cf4e0d6cfe765ff980e007cbfb382518f1c23f77a9b20699b67a0dabbfe2ed6301882cc1147be4e622037268da8cda6034028b70844d984cbfad648e
SSDEEP

768:+E2YdeH+kLv5KnazbVHHLU67ABgWZCeHyGWVeHNFOg/NnGyX+afdGwyJsa:+S4ZFn4eADYeSLVeXOg/NGyO1wyJs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 3048	1768	rundll32.exe	28
PID 1768 wrote to memory of 3048	1768	rundll32.exe	28
PID 1768 wrote to memory of 3048	1768	rundll32.exe	28
PID 1768 wrote to memory of 3048	1768	rundll32.exe	28
PID 1768 wrote to memory of 3048	1768	rundll32.exe	28
PID 1768 wrote to memory of 3048	1768	rundll32.exe	28
PID 1768 wrote to memory of 3048	1768	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bb7ae5299962936d2a595aa1b042e010.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bb7ae5299962936d2a595aa1b042e010.dll,#1
  2⤵
  PID:3048