6aa4b11ac815fa3887932a74ed802470fe1887284861142ee9e30271deadd3bf

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
04/11/2023, 22:29

Target

NEAS.da294735c08a4216927fb88dc84e2d10_JC.dll
Size

6KB
MD5

da294735c08a4216927fb88dc84e2d10
SHA1

396eaf8a431d34f2366e56d64b724f7dbc5d2beb
SHA256

6aa4b11ac815fa3887932a74ed802470fe1887284861142ee9e30271deadd3bf
SHA512

d126144a7cd385181fc1f1d6eff53ff93545a76e448713c0d29723f49872b33268cc9da99309d650b8e48b55b65babb4fdd15c220d56b281e0632a6e393b0038
SSDEEP

96:hy859x0P8MagG9kJJ6DBk6XKULQBFw5LdH6knkb1ymDPVVm+n/uYddr:F5oLpJ6DnQBC5symDtVmI/t

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1980	2160	rundll32.exe	28
PID 2160 wrote to memory of 1980	2160	rundll32.exe	28
PID 2160 wrote to memory of 1980	2160	rundll32.exe	28
PID 2160 wrote to memory of 1980	2160	rundll32.exe	28
PID 2160 wrote to memory of 1980	2160	rundll32.exe	28
PID 2160 wrote to memory of 1980	2160	rundll32.exe	28
PID 2160 wrote to memory of 1980	2160	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.da294735c08a4216927fb88dc84e2d10_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.da294735c08a4216927fb88dc84e2d10_JC.dll,#1
  2⤵
  PID:1980