05ab699efb499029b008d85ec7ddaa054cf8e70f8643129f5658e8e9fd7dd95f

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03-11-2023 16:51

Target

NEAS.bb2bc69dd70aa53f51f29944d8d3b040.dll
Size

362KB
MD5

bb2bc69dd70aa53f51f29944d8d3b040
SHA1

1d40cc0dc683656ad9e0b93caac1a971795dbf77
SHA256

05ab699efb499029b008d85ec7ddaa054cf8e70f8643129f5658e8e9fd7dd95f
SHA512

9f5e0bd983ac8c6cfd2efb7d4f74f5343ddd3706416a3bbc91bd261d49d1be6859a900a5d29e00a4c6df930fa36d1d7dd128b5e37e4fe618dd47e721fd4a6c1b
SSDEEP

6144:hbxLdD2njmu36uNWvXKRL0l3pDPloPITPinEgPDQtDEVKIg8gVDo:h9L436y6KRLEhPloPITPbgPktDEVKIg6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2164	2924	rundll32.exe	28
PID 2924 wrote to memory of 2164	2924	rundll32.exe	28
PID 2924 wrote to memory of 2164	2924	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bb2bc69dd70aa53f51f29944d8d3b040.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2924 -s 84
  2⤵
  PID:2164