b75c597473a1f7d06f51287dd1cba32ccdc0a7eba1284a0657827f174f770b1c

Analysis

max time kernel
91s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:23

Target

NEAS.928780e09f6ebb9df58351b70bef3c90.dll
Size

6KB
MD5

928780e09f6ebb9df58351b70bef3c90
SHA1

89da07de0ffa599b064d29d87f0ae0ae02f23219
SHA256

b75c597473a1f7d06f51287dd1cba32ccdc0a7eba1284a0657827f174f770b1c
SHA512

149304a16dc698ad9717ec39355c50b0dfb7d2c4ee6e7e4c4a4604060f2f698c38ed933ffe029d1ad5d20744a9bb8aa2b082f74248884b5590f63a5ce7fdf64a
SSDEEP

96:nEY2RrF1eqwi49fJ6VAcN9wempelW/gJCq4Edp1/gb5Icxgva:EHRh1eppIAcNO78BfJgNISgva

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 844	4908	rundll32.exe	75
PID 4908 wrote to memory of 844	4908	rundll32.exe	75
PID 4908 wrote to memory of 844	4908	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.928780e09f6ebb9df58351b70bef3c90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.928780e09f6ebb9df58351b70bef3c90.dll,#1
  2⤵
  PID:844