bf1009c922ba365991b1a042f50818da50fc8397f9f860a000a0e5528853b536

Analysis

max time kernel
142s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 22:31

Target

NEAS.18a5caa5cc815cfe12b698a5db9b3ce0.dll
Size

349KB
MD5

18a5caa5cc815cfe12b698a5db9b3ce0
SHA1

a64cbe6f36ed0c182bcafc20e8fdbfa9cfe266a6
SHA256

bf1009c922ba365991b1a042f50818da50fc8397f9f860a000a0e5528853b536
SHA512

ea23ed7c8305d156d019897ef5c4687b86833c34e62e0c1e8668dac8d36b2161cd23281bbddf899fd21b81fecb84e24d473ab8a8ad34fa86f1b2c2b2ec9df8b5
SSDEEP

6144:vpeLT+51vNB1Qd04JKF8JGdJxUsP2vLulPxMQ/C7bL7hRS:4LT+55NB1etJ0JXP2vLSPiQ/Cj7zS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2688	4940	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 4940	4916	rundll32.exe	86
PID 4916 wrote to memory of 4940	4916	rundll32.exe	86
PID 4916 wrote to memory of 4940	4916	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.18a5caa5cc815cfe12b698a5db9b3ce0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.18a5caa5cc815cfe12b698a5db9b3ce0.dll,#1
  2⤵
  PID:4940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 640
    3⤵
    - Program crash
    PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4940 -ip 4940
1⤵
PID:3688

memory/4940-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download