f51fab2cf3899301fa06f28b3231571f8f7b11ff3f1090337ec353df3a55eb82

Analysis

max time kernel
139s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2023 20:05

Target

NEAS.2d5d712961519ef8da7daff5e53e7bb0_JC.dll
Size

6KB
MD5

2d5d712961519ef8da7daff5e53e7bb0
SHA1

b1ef49948ee90bd6903c71f05a8a467e99631725
SHA256

f51fab2cf3899301fa06f28b3231571f8f7b11ff3f1090337ec353df3a55eb82
SHA512

ffb4dac067ccb3d849cd89b8d63f219cf97bd0909f2f6afef75cea6d7c54e39ad94270f06d7fdbff0a9b117af8aaaac68153c9cc387f9737bd1a8bc0c20fa4d2
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIiaqEg+sjKsbZTayA3xwzgCYfwKbXks4A:unSR6bgYYsjjbZa3KzuMO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 4128	112	rundll32.exe	82
PID 112 wrote to memory of 4128	112	rundll32.exe	82
PID 112 wrote to memory of 4128	112	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.2d5d712961519ef8da7daff5e53e7bb0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.2d5d712961519ef8da7daff5e53e7bb0_JC.dll,#1
  2⤵
  PID:4128