294ac16b0cb7af89ade8e269008e3482fb60d81997c3ddf9cf66f8d9a0adf320

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 14:16

Target

NEAS.a3a57cf7e850f6cd02286d536b8b0150.dll
Size

1.8MB
MD5

a3a57cf7e850f6cd02286d536b8b0150
SHA1

4a8b28f1a25377414a82dc60b0bf1943d19c055a
SHA256

294ac16b0cb7af89ade8e269008e3482fb60d81997c3ddf9cf66f8d9a0adf320
SHA512

58d9053d4c8a143a9c132a3bc88b25ffa586a48eaf6d79db4f0f295f00d544c97c6f3969f41b08fea8504460ee0fe322acaa873f0f423e0446fe1c6318cc4ee4
SSDEEP

49152:I38e6GdNIXj1xQWIGeY1I578jgiClCVm4qSw:YYtJIGeYeDbh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 536	4536	rundll32.exe	85
PID 4536 wrote to memory of 536	4536	rundll32.exe	85
PID 4536 wrote to memory of 536	4536	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a3a57cf7e850f6cd02286d536b8b0150.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a3a57cf7e850f6cd02286d536b8b0150.dll,#1
  2⤵
  PID:536

memory/536-0-0x0000000000550000-0x0000000000556000-memory.dmp

Filesize
24KB

Download
memory/536-1-0x0000000010000000-0x00000000101C2000-memory.dmp

Filesize
1.8MB

Download
memory/536-3-0x00000000007F0000-0x00000000008F5000-memory.dmp

Filesize
1.0MB

Download
memory/536-4-0x00000000023C0000-0x00000000024AA000-memory.dmp

Filesize
936KB

Download
memory/536-5-0x00000000023C0000-0x00000000024AA000-memory.dmp

Filesize
936KB

Download
memory/536-7-0x00000000023C0000-0x00000000024AA000-memory.dmp

Filesize
936KB

Download
memory/536-8-0x00000000023C0000-0x00000000024AA000-memory.dmp

Filesize
936KB

Download