550b6ee3c37726e324b46533b9d8e9d1922cec548e5f3de090e7e46e5d1e4c4d

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 11:57 UTC

Target

NEAS.da7f6d4de21e1b6286cfd33559a273f0_JC.dll
Size

172KB
MD5

da7f6d4de21e1b6286cfd33559a273f0
SHA1

296ddf5f0a2d427a94fdf12cea8d82f8633bd3e2
SHA256

550b6ee3c37726e324b46533b9d8e9d1922cec548e5f3de090e7e46e5d1e4c4d
SHA512

a6bc245095eceace003567df2f80685f63339cda98e18cf4762976e4184f8a45c8ea97479fbed9a3ef3e44a0cf377a0bd2a5486648f17c9663ee51058913f4a7
SSDEEP

3072:z7XAA0vXXGNOrw/MpcjtcKZkjXlDA5PtuO6o0BZ2gBM3/7juNyfMFS:HAAiXXHcpcBXRBO6oiZyiNyfgS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2508	2028	rundll32.exe	28
PID 2028 wrote to memory of 2508	2028	rundll32.exe	28
PID 2028 wrote to memory of 2508	2028	rundll32.exe	28
PID 2028 wrote to memory of 2508	2028	rundll32.exe	28
PID 2028 wrote to memory of 2508	2028	rundll32.exe	28
PID 2028 wrote to memory of 2508	2028	rundll32.exe	28
PID 2028 wrote to memory of 2508	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.da7f6d4de21e1b6286cfd33559a273f0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.da7f6d4de21e1b6286cfd33559a273f0_JC.dll,#1
  2⤵
  PID:2508

memory/2508-0-0x0000000000840000-0x00000000008B3000-memory.dmp

Filesize
460KB

Download
memory/2508-1-0x0000000000840000-0x00000000008B3000-memory.dmp

Filesize
460KB

Download
memory/2508-2-0x0000000000840000-0x00000000008B3000-memory.dmp

Filesize
460KB

Download
memory/2508-3-0x0000000000840000-0x00000000008B3000-memory.dmp

Filesize
460KB

Download