ac9047914312f8ef2e5340d88d91519b87f7adb7719ec8c87a60b5a35d912afc

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2023, 22:46

Target

NEAS.5bd3e5b141ffe0e46c94d321ec6fc250_JC.dll
Size

67KB
MD5

5bd3e5b141ffe0e46c94d321ec6fc250
SHA1

1026087b1755d42f3789f491b5e50a0473842c9f
SHA256

ac9047914312f8ef2e5340d88d91519b87f7adb7719ec8c87a60b5a35d912afc
SHA512

a9a7758882378212a3077e9cc21379948e9a6272f1c99acd120ecd2200cd2ce8829959836943822c28e351e1a22ee6053b5a8873191e6bbe7f7095e37ccdcf7b
SSDEEP

1536:6wIalkJqM3WYNkTsK/yylVIkl4Z3ZHiOCROv8GKsRN/azZuANbOf2oue:6L19G9wK6ypSt0Ov8GKsRJSZuANbOf2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 3784	552	rundll32.exe	84
PID 552 wrote to memory of 3784	552	rundll32.exe	84
PID 552 wrote to memory of 3784	552	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.5bd3e5b141ffe0e46c94d321ec6fc250_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.5bd3e5b141ffe0e46c94d321ec6fc250_JC.dll,#1
  2⤵
  PID:3784