4c2c92d78499173cb26e236622808e15cfbd86ebb7cdb601d3f01bf1ea2daefd

Analysis

max time kernel
84s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:34

Target

NEAS.b8d5aec9b8de8f2b09c2b803e3d037d0.dll
Size

6KB
MD5

b8d5aec9b8de8f2b09c2b803e3d037d0
SHA1

90ff5e78ef823c642aa89757b75af31253dd2e58
SHA256

4c2c92d78499173cb26e236622808e15cfbd86ebb7cdb601d3f01bf1ea2daefd
SHA512

2468012f10ac1436270adf04db6384af7180409fc1cbb4d6237c4b3fa441ac7b7343c1258b1ef65acb3ec28938f04e121eabceb2345badecc57957b6121c7c83
SSDEEP

48:6EQt5YVOSVVEPy+wEMmqiHNpU10SXB+BDq9J5SV3DY:CSVVEPozmB7UXB+FqX5S1D

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2228	1032	rundll32.exe	83
PID 1032 wrote to memory of 2228	1032	rundll32.exe	83
PID 1032 wrote to memory of 2228	1032	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.b8d5aec9b8de8f2b09c2b803e3d037d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.b8d5aec9b8de8f2b09c2b803e3d037d0.dll,#1
  2⤵
  PID:2228