a39d2a3c6a55c9195745ec3e7db0124f6586b1dda8a15d090ec276b7328613ac

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:35

Target

NEAS.bd4ffe07ff0c64c9f6ddae1d993d58e0.dll
Size

446KB
MD5

bd4ffe07ff0c64c9f6ddae1d993d58e0
SHA1

fc09b7649f22eb80a06df5dfba809f1cdabdc9d2
SHA256

a39d2a3c6a55c9195745ec3e7db0124f6586b1dda8a15d090ec276b7328613ac
SHA512

01c45cc461dab1c97efb387cfc30f09163b6009f38a25ebafef2709a48b7726c9df6e6de62fcd70f63885baaa15bcf628b696929bd741c47f3140674d754bb4f
SSDEEP

12288:M86vVNoHaL+5eGycOJByqTbnMm3UPc7Bsl0x:3MVpLMeGyckUk7Bsl0x

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2668	3008	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 3008	3060	rundll32.exe	28
PID 3060 wrote to memory of 3008	3060	rundll32.exe	28
PID 3060 wrote to memory of 3008	3060	rundll32.exe	28
PID 3060 wrote to memory of 3008	3060	rundll32.exe	28
PID 3060 wrote to memory of 3008	3060	rundll32.exe	28
PID 3060 wrote to memory of 3008	3060	rundll32.exe	28
PID 3060 wrote to memory of 3008	3060	rundll32.exe	28
PID 3008 wrote to memory of 2668	3008	rundll32.exe	29
PID 3008 wrote to memory of 2668	3008	rundll32.exe	29
PID 3008 wrote to memory of 2668	3008	rundll32.exe	29
PID 3008 wrote to memory of 2668	3008	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bd4ffe07ff0c64c9f6ddae1d993d58e0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bd4ffe07ff0c64c9f6ddae1d993d58e0.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 224
    3⤵
    - Program crash
    PID:2668

memory/3008-0-0x00000000746B0000-0x000000007478A000-memory.dmp

Filesize
872KB

Download
memory/3008-1-0x00000000745D0000-0x00000000746AA000-memory.dmp

Filesize
872KB

Download
memory/3008-3-0x00000000745D0000-0x00000000746AA000-memory.dmp

Filesize
872KB

Download
memory/3008-4-0x00000000745D0000-0x00000000746AA000-memory.dmp

Filesize
872KB

Download
memory/3008-5-0x00000000746B0000-0x000000007478A000-memory.dmp

Filesize
872KB

Download