fa2b98b571be9a87a656407ac8f14b8f3188610b6699a949bb86a700704797af

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 19:57

Target

NEAS.94c9000cc30066e99ac8904cec6b11f0.dll
Size

46KB
MD5

94c9000cc30066e99ac8904cec6b11f0
SHA1

4d6a142d6e49728aba3bd5d5eb434015a063f070
SHA256

fa2b98b571be9a87a656407ac8f14b8f3188610b6699a949bb86a700704797af
SHA512

6203fed8e841402d9abf84dd9f392af925d93602edde86a46d2b69cdb6dd201706ee11004e5d1130e9747e2ad64807ed50af5fc5b7046dbe0384fa1997189354
SSDEEP

768:eEuSsljkfHjFfudoNzZyXDWqP8CJzYkH4xbEMPGb:eEuLjkfHjFfoo/LgQxbEb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2440	1988	rundll32.exe	28
PID 1988 wrote to memory of 2440	1988	rundll32.exe	28
PID 1988 wrote to memory of 2440	1988	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.94c9000cc30066e99ac8904cec6b11f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1988 -s 84
  2⤵
  PID:2440