23e71b6cc65bccaa4c08ffc5810839c6396f5f83fc62877e39e9eea06f186217

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 02:18

Target

NEAS.bdee720dd7225ff59a2d2ca7ac07e680_JC.dll
Size

33KB
MD5

bdee720dd7225ff59a2d2ca7ac07e680
SHA1

8fdfcca32b3b68c1813fbefea77e7678c009ed72
SHA256

23e71b6cc65bccaa4c08ffc5810839c6396f5f83fc62877e39e9eea06f186217
SHA512

03d86483bb7a7d45bda5bafe8b443aaa6bc566fd4957c31d446b07caa12a73b753d10592ce23f592524d15c73078b66f643c5d047125bf54ee3965e72369a859
SSDEEP

768:3X5wlHbBOm1e6Y31CLlr7yV7/1GVF5lhCDmERatV:n5QNOm16FChS7/1GVFL8aER2V

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 4260	4180	rundll32.exe	88
PID 4180 wrote to memory of 4260	4180	rundll32.exe	88
PID 4180 wrote to memory of 4260	4180	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bdee720dd7225ff59a2d2ca7ac07e680_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.bdee720dd7225ff59a2d2ca7ac07e680_JC.dll,#1
  2⤵
  PID:4260