15c609d0a4f4df5beeea4e410580aa33601db23481cf86a30db79de5ba20fa45

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 01:34

Target

NEAS.aa74779994d5c04a058520b822893240_JC.dll
Size

192KB
MD5

aa74779994d5c04a058520b822893240
SHA1

651488e2114e3ae9e95602f42b4af1efcf89547d
SHA256

15c609d0a4f4df5beeea4e410580aa33601db23481cf86a30db79de5ba20fa45
SHA512

98bc8bc18c70bae29c8291cc551eb2134eecca2f17216e40ec18d2e6f081b9b76446e3eadecdc188cb04f3e9880fdbaf169c6312a1608f991f48ed7be7f1d59f
SSDEEP

3072:480J8IMILmCa3yx6oFEdgVXnFtLLJZBgfxm3:4okmCaiEoFEd+Ftwxm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2948	2020	rundll32.exe	28
PID 2020 wrote to memory of 2948	2020	rundll32.exe	28
PID 2020 wrote to memory of 2948	2020	rundll32.exe	28
PID 2020 wrote to memory of 2948	2020	rundll32.exe	28
PID 2020 wrote to memory of 2948	2020	rundll32.exe	28
PID 2020 wrote to memory of 2948	2020	rundll32.exe	28
PID 2020 wrote to memory of 2948	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.aa74779994d5c04a058520b822893240_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.aa74779994d5c04a058520b822893240_JC.dll,#1
  2⤵
  PID:2948