d242fa98e7e6bcc799e071c46c22c8fb309688f90f66d3ec4e15110bbdd0c689

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 19:59

Target

NEAS.a8eaa375621eee9a011362c904d895f0.dll
Size

29KB
MD5

a8eaa375621eee9a011362c904d895f0
SHA1

e90e66e86b54a2fe36df242381720db374ff96b9
SHA256

d242fa98e7e6bcc799e071c46c22c8fb309688f90f66d3ec4e15110bbdd0c689
SHA512

cd310f35c155fb48ba3289aaa8de36efc9ccfd4061fe2ff41bc0998f5c32f277fe1e1c46b9f816192fe8a8e7784a3e5e3c9c19f610671261a24c02b1cc1dec57
SSDEEP

384:157PNvWhPBbBWm/IWMzuZdXZMsCpA/NieXeSvIW2vsHRN7iWcYR9zsLM57:0WzuTXZMw9I3wiWn9zd7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 3404	5056	rundll32.exe	83
PID 5056 wrote to memory of 3404	5056	rundll32.exe	83
PID 5056 wrote to memory of 3404	5056	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a8eaa375621eee9a011362c904d895f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a8eaa375621eee9a011362c904d895f0.dll,#1
  2⤵
  PID:3404