5cf64a84c0580afdca98f9002269354eba713b3036ddfb43c4faa019325f62a7

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 19:10

Target

NEAS.bb7ae5299962936d2a595aa1b042e010.dll
Size

100KB
MD5

bb7ae5299962936d2a595aa1b042e010
SHA1

549539747b299444b8cf62f3984ec6aea0228882
SHA256

5cf64a84c0580afdca98f9002269354eba713b3036ddfb43c4faa019325f62a7
SHA512

edb19b82cf4e0d6cfe765ff980e007cbfb382518f1c23f77a9b20699b67a0dabbfe2ed6301882cc1147be4e622037268da8cda6034028b70844d984cbfad648e
SSDEEP

768:+E2YdeH+kLv5KnazbVHHLU67ABgWZCeHyGWVeHNFOg/NnGyX+afdGwyJsa:+S4ZFn4eADYeSLVeXOg/NGyO1wyJs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 460	4504	rundll32.exe	82
PID 4504 wrote to memory of 460	4504	rundll32.exe	82
PID 4504 wrote to memory of 460	4504	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bb7ae5299962936d2a595aa1b042e010.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bb7ae5299962936d2a595aa1b042e010.dll,#1
  2⤵
  PID:460