448d8e5e013b59502d020f19123dd24c9f37e58d2cd267c2109289b27a452532

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:09

Target

NEAS.5cfac8bfdfa4aae788a4a8bbdae93d70.dll
Size

15KB
MD5

5cfac8bfdfa4aae788a4a8bbdae93d70
SHA1

61422dac22f0060fa41dbf2153103b7a39e864c8
SHA256

448d8e5e013b59502d020f19123dd24c9f37e58d2cd267c2109289b27a452532
SHA512

679a889cedb8891436238fea8adf1f00eb095705141dfeddcc55baeb629e4dede340625b86363fdac1dd0793e43460926434e81eeb35295b3c28cb509c124991
SSDEEP

192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2j0Mg:86UdHXcIiY535zBt2j0p

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 1948	2612	rundll32.exe	28
PID 2612 wrote to memory of 1948	2612	rundll32.exe	28
PID 2612 wrote to memory of 1948	2612	rundll32.exe	28
PID 2612 wrote to memory of 1948	2612	rundll32.exe	28
PID 2612 wrote to memory of 1948	2612	rundll32.exe	28
PID 2612 wrote to memory of 1948	2612	rundll32.exe	28
PID 2612 wrote to memory of 1948	2612	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.5cfac8bfdfa4aae788a4a8bbdae93d70.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.5cfac8bfdfa4aae788a4a8bbdae93d70.dll,#1
  2⤵
  PID:1948