14e157980843da49198fc602cdd0c1c3efe55abdad5645bcf0e254d87b6dc567

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 17:29

Target

NEAS.d819bf3235efc55655e4db5cf2ad7d20.dll
Size

96KB
MD5

d819bf3235efc55655e4db5cf2ad7d20
SHA1

c2ab4aff0e1d754f4cd24660f926a379820adf88
SHA256

14e157980843da49198fc602cdd0c1c3efe55abdad5645bcf0e254d87b6dc567
SHA512

6de3e6707b7619d2a9377181905fc8af18229d50277a06ea504ed606f641ae58ab09293cc021313ccf29a1c9bd9b7c3e72f259d9811d211c63127292187f873b
SSDEEP

1536:xjmYcorC/3lzzVWeewN7Z86QW+XlTxsCZD:BmYcorC/Vz5WeJN75QW+5JZD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2060	2232	rundll32.exe	20
PID 2232 wrote to memory of 2060	2232	rundll32.exe	20
PID 2232 wrote to memory of 2060	2232	rundll32.exe	20
PID 2232 wrote to memory of 2060	2232	rundll32.exe	20
PID 2232 wrote to memory of 2060	2232	rundll32.exe	20
PID 2232 wrote to memory of 2060	2232	rundll32.exe	20
PID 2232 wrote to memory of 2060	2232	rundll32.exe	20

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.d819bf3235efc55655e4db5cf2ad7d20.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.d819bf3235efc55655e4db5cf2ad7d20.dll,#1
  2⤵
  PID:2060