8c1815c7f16a65273f3dce70489e569cc3d5811695cced1c0c37b7b59de60fba

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2023 14:26

Target

NEAS.a4e7dfe3709c8e315fbca26f98cfdf50_JC.dll
Size

73KB
MD5

a4e7dfe3709c8e315fbca26f98cfdf50
SHA1

853485f80c702eb1461d7b2f4d72a062db7b701c
SHA256

8c1815c7f16a65273f3dce70489e569cc3d5811695cced1c0c37b7b59de60fba
SHA512

b8960d55364d6539ee29916216c403d9e672dca5ab9fdc37c9669465c05d4bd4359069bbbf9e3e385daed655bc1196a6207327eda0802aaf85133cc204fbcf64
SSDEEP

1536:pdsa99weHD53HleFnYrlAdIq21Ryba3I+w5o9Y2E/gknKMJR:EMSejR4YRjq21I9+w5oOZp

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1904-0-0x0000000010000000-0x000000001005E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 1904	3116	rundll32.exe	71
PID 3116 wrote to memory of 1904	3116	rundll32.exe	71
PID 3116 wrote to memory of 1904	3116	rundll32.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a4e7dfe3709c8e315fbca26f98cfdf50_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a4e7dfe3709c8e315fbca26f98cfdf50_JC.dll,#1
  2⤵
  PID:1904

memory/1904-0-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download