92fabb4843c4157fb1c2dbfe8fa95a40d420636ee52ff5ef684136b58500a05b

Analysis

max time kernel
121s
max time network
139s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22-10-2023 13:46

Target

NEAS.546d7de3c9d25e83eac7d88954cb4480_JC.dll
Size

6KB
MD5

546d7de3c9d25e83eac7d88954cb4480
SHA1

53f4efd0c29938a8abfa81aa4c5ed477e27075e7
SHA256

92fabb4843c4157fb1c2dbfe8fa95a40d420636ee52ff5ef684136b58500a05b
SHA512

ee35b8af7e6577882df777a52899a72db73e64f0ff1a2c2760cf2a24930f0c34dd59193960ec4897be9b85ab572b5ee6ea4c5302a55198688855fa9b772bba44
SSDEEP

96:VGEETrMLH5/OdnQVnykliKJMeRv3LwJR1DYl+xVs5dEFC:efM8xIykljCeRv3yTDYsxx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1868	2216	rundll32.exe	27
PID 2216 wrote to memory of 1868	2216	rundll32.exe	27
PID 2216 wrote to memory of 1868	2216	rundll32.exe	27
PID 2216 wrote to memory of 1868	2216	rundll32.exe	27
PID 2216 wrote to memory of 1868	2216	rundll32.exe	27
PID 2216 wrote to memory of 1868	2216	rundll32.exe	27
PID 2216 wrote to memory of 1868	2216	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.546d7de3c9d25e83eac7d88954cb4480_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.546d7de3c9d25e83eac7d88954cb4480_JC.dll,#1
  2⤵
  PID:1868