625f4b2d9489e73f9035a364382104ec8e74f1773b48594dec8b7caaba52c56b

Analysis

max time kernel
125s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 09:13

Target

NEAS.a7ffed780112774f97ced626f277dec0_JC.dll
Size

6KB
MD5

a7ffed780112774f97ced626f277dec0
SHA1

aa70a1b2421720d457871bcf3191866a179aadd7
SHA256

625f4b2d9489e73f9035a364382104ec8e74f1773b48594dec8b7caaba52c56b
SHA512

6dc641d718b3633b26c81d880870b19f52cf6f0ec0cec9fe860d469eb62016cec24f5e5e81ac3dacca373f59e0181a41cad39d4c9d4c17f9ba8c578f948f9265
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqag5TLz7D87DV:hy859x0P8MaagxLz7D87DV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 1228	2376	rundll32.exe	87
PID 2376 wrote to memory of 1228	2376	rundll32.exe	87
PID 2376 wrote to memory of 1228	2376	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a7ffed780112774f97ced626f277dec0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a7ffed780112774f97ced626f277dec0_JC.dll,#1
  2⤵
  PID:1228