91f71e6cd1d71f4cb942913c26f699e199abfc62e9d9fa8b54eab476775be1e1

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 18:14

Target

NEAS.4f172c8036d850a3c6e3739570e13860_JC.dll
Size

6KB
MD5

4f172c8036d850a3c6e3739570e13860
SHA1

89c3a6e102af7d7bdbf5a5e227e87d143ad3ab76
SHA256

91f71e6cd1d71f4cb942913c26f699e199abfc62e9d9fa8b54eab476775be1e1
SHA512

07e03e9381873a8eb1fbe87805b3f0d7723f8f609c9f80ba49d80ace0b6023cffd1920a75c5837282b98d87a53d311a2799c06343fc9a617fe8f85afc10773e6
SSDEEP

96:nEY2RrF1eqwi4iedJ9QJTkbVQqgnH0fZ2IQBF5Bl4f0wrH:EHRh1eppfdJ6+QqgnUB2Idf0GH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 3236	2780	rundll32.exe	83
PID 2780 wrote to memory of 3236	2780	rundll32.exe	83
PID 2780 wrote to memory of 3236	2780	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.4f172c8036d850a3c6e3739570e13860_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.4f172c8036d850a3c6e3739570e13860_JC.dll,#1
  2⤵
  PID:3236