b75c597473a1f7d06f51287dd1cba32ccdc0a7eba1284a0657827f174f770b1c

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22-10-2023 17:23

Target

NEAS.928780e09f6ebb9df58351b70bef3c90.dll
Size

6KB
MD5

928780e09f6ebb9df58351b70bef3c90
SHA1

89da07de0ffa599b064d29d87f0ae0ae02f23219
SHA256

b75c597473a1f7d06f51287dd1cba32ccdc0a7eba1284a0657827f174f770b1c
SHA512

149304a16dc698ad9717ec39355c50b0dfb7d2c4ee6e7e4c4a4604060f2f698c38ed933ffe029d1ad5d20744a9bb8aa2b082f74248884b5590f63a5ce7fdf64a
SSDEEP

96:nEY2RrF1eqwi49fJ6VAcN9wempelW/gJCq4Edp1/gb5Icxgva:EHRh1eppIAcNO78BfJgNISgva

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2540	2516	rundll32.exe	28
PID 2516 wrote to memory of 2540	2516	rundll32.exe	28
PID 2516 wrote to memory of 2540	2516	rundll32.exe	28
PID 2516 wrote to memory of 2540	2516	rundll32.exe	28
PID 2516 wrote to memory of 2540	2516	rundll32.exe	28
PID 2516 wrote to memory of 2540	2516	rundll32.exe	28
PID 2516 wrote to memory of 2540	2516	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.928780e09f6ebb9df58351b70bef3c90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.928780e09f6ebb9df58351b70bef3c90.dll,#1
  2⤵
  PID:2540