4832c597badbb52d122adf04e305a73347dd55d425393c344664dafe06805909

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16-10-2023 18:25

Target

NEAS.77f9ee58c5b54a01ef9b3036e09411f0.dll
Size

139KB
MD5

77f9ee58c5b54a01ef9b3036e09411f0
SHA1

19dfaebe25f803fa9b3f556167d1037ff4c42acc
SHA256

4832c597badbb52d122adf04e305a73347dd55d425393c344664dafe06805909
SHA512

ce8a2a03b86741129809195893b5a1e9760400e537f7a4e2d2a417899736ba84fb6e380e4539d93a0c4cc38d869acd4fac572cdd1ec81fe3e9940cdd25366992
SSDEEP

3072:Msr9E+7NnVmZUKrhgxKbmgQoMxxda5t64pWPE:tl7iixKbmjxdat64pWPE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2956	2908	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2908	1404	rundll32.exe	28
PID 1404 wrote to memory of 2908	1404	rundll32.exe	28
PID 1404 wrote to memory of 2908	1404	rundll32.exe	28
PID 1404 wrote to memory of 2908	1404	rundll32.exe	28
PID 1404 wrote to memory of 2908	1404	rundll32.exe	28
PID 1404 wrote to memory of 2908	1404	rundll32.exe	28
PID 1404 wrote to memory of 2908	1404	rundll32.exe	28
PID 2908 wrote to memory of 2956	2908	rundll32.exe	29
PID 2908 wrote to memory of 2956	2908	rundll32.exe	29
PID 2908 wrote to memory of 2956	2908	rundll32.exe	29
PID 2908 wrote to memory of 2956	2908	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.77f9ee58c5b54a01ef9b3036e09411f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.77f9ee58c5b54a01ef9b3036e09411f0.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
    3⤵
    - Program crash
    PID:2956