e9a92175798a2a05c59c8436f062cb74a1503b43e43fbc31d9b3f17e37c9b4a1

Analysis

max time kernel
134s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
04-11-2023 10:07

Target

NEAS.0975a0bdcdbe5b00468131d773a24510_JC.dll
Size

6KB
MD5

0975a0bdcdbe5b00468131d773a24510
SHA1

76c19ad2ed6cf160ce8cc88316cf75f513633cc8
SHA256

e9a92175798a2a05c59c8436f062cb74a1503b43e43fbc31d9b3f17e37c9b4a1
SHA512

6467e854afccd1b32ec42dd2e0108f9b0c01714450e5f6306cf68957f004abad9e165695fe144649e42815129e259adf909973ed3a0d9a530d0cdf6cd661e7c8
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G05B+BDq9J5S2:0QDV8FscMjsLFV3xB+FqX5S2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3576	5036	rundll32.exe	86
PID 5036 wrote to memory of 3576	5036	rundll32.exe	86
PID 5036 wrote to memory of 3576	5036	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.0975a0bdcdbe5b00468131d773a24510_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.0975a0bdcdbe5b00468131d773a24510_JC.dll,#1
  2⤵
  PID:3576