9af90272b86f7c8c782b0b131c2041ccfe737896b971d32d153be097c27f5694

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:36

Target

NEAS.ed1c4195390cc84e1fdf029dccb90990.dll
Size

412KB
MD5

ed1c4195390cc84e1fdf029dccb90990
SHA1

ac2b246ff1dd3c366809136397532a6d3b92c0e0
SHA256

9af90272b86f7c8c782b0b131c2041ccfe737896b971d32d153be097c27f5694
SHA512

36e76cbade6dec37fbfa8615f703078c5e06e3269b2b59c1f7c4d7b7a47fba117acaa6c7d56bb4a736e6697ae06f08707f520b7da9b836b01c04427519aa3f84
SSDEEP

6144:e1Mhy8YZpGUXupROm5VY1TBKbMXYpKuX/7q5S/s5CsCGwjMxnhNkw3a7c3O3g:aMhyhG8mw1Tup/mgkCJHMzNLYuOQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2192	2152	rundll32.exe	28
PID 2152 wrote to memory of 2192	2152	rundll32.exe	28
PID 2152 wrote to memory of 2192	2152	rundll32.exe	28
PID 2152 wrote to memory of 2192	2152	rundll32.exe	28
PID 2152 wrote to memory of 2192	2152	rundll32.exe	28
PID 2152 wrote to memory of 2192	2152	rundll32.exe	28
PID 2152 wrote to memory of 2192	2152	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.ed1c4195390cc84e1fdf029dccb90990.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.ed1c4195390cc84e1fdf029dccb90990.dll,#1
  2⤵
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\8AD2.tmp
    C:\Users\Admin\AppData\Local\Temp\8AD2.tmp
    3⤵
    PID:2316

memory/2192-1-0x0000000000670000-0x00000000006AE000-memory.dmp

Filesize
248KB

Download
memory/2192-0-0x0000000000670000-0x00000000006AE000-memory.dmp

Filesize
248KB

Download