50026eb78dac299a5738c48fd6aa6844ebfcc363edfc480bd7c466235168be86

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
04-11-2023 09:53

Target

NEAS.6417e6ea3ff5a5af429d56cc5a5252e0_JC.dll
Size

101KB
MD5

6417e6ea3ff5a5af429d56cc5a5252e0
SHA1

469b9373d07c52268c92c4eb34ef5f3c5b84de8b
SHA256

50026eb78dac299a5738c48fd6aa6844ebfcc363edfc480bd7c466235168be86
SHA512

8ca09df5b6db3d7baefd771e800de0abc3c2fca1f1ac09f1461efed069c52dbf04f516c6ac99014e216db766d6e6a9a0ad2a3442ee6db56623b48fa1f3340eff
SSDEEP

1536:oEkHi1Wmle/z6yCkcVvxJrIhl52E/NKpnAQHX4+X/YH5nx:AC9le/udvvru18VpXQH5nx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2116	2040	rundll32.exe	28
PID 2040 wrote to memory of 2116	2040	rundll32.exe	28
PID 2040 wrote to memory of 2116	2040	rundll32.exe	28
PID 2040 wrote to memory of 2116	2040	rundll32.exe	28
PID 2040 wrote to memory of 2116	2040	rundll32.exe	28
PID 2040 wrote to memory of 2116	2040	rundll32.exe	28
PID 2040 wrote to memory of 2116	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.6417e6ea3ff5a5af429d56cc5a5252e0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.6417e6ea3ff5a5af429d56cc5a5252e0_JC.dll,#1
  2⤵
  PID:2116