8250c9c4697e6cb7695000f50ffda5d9d6baafc9dcab8cc7816c4c33ad3c95b8

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
05-11-2023 19:04

Target

NEAS.6cd71f3063804d66f9bab4db02305ab0_JC.dll
Size

5KB
MD5

6cd71f3063804d66f9bab4db02305ab0
SHA1

b8fab50ea38c90e490c24940f1ff93af978dd48e
SHA256

8250c9c4697e6cb7695000f50ffda5d9d6baafc9dcab8cc7816c4c33ad3c95b8
SHA512

9afd12a30e821485bad216134463b60050915f3215dc3c4a629385c37f824c06b0ee2def0bd44dc6e26ffc6379f1e3108cc3ef3bd8629d4b67ce47020bab50a4
SSDEEP

48:C6VonAHso6U7lYa92RrpjwDmetlG95hx+iMHhjO8OZCsRIpp38FYrOcGX2w/Rj6u:nEY2RrF1eqwi4tfQwMhGQRjNgE7pM02

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3036	2988	rundll32.exe	28
PID 2988 wrote to memory of 3036	2988	rundll32.exe	28
PID 2988 wrote to memory of 3036	2988	rundll32.exe	28
PID 2988 wrote to memory of 3036	2988	rundll32.exe	28
PID 2988 wrote to memory of 3036	2988	rundll32.exe	28
PID 2988 wrote to memory of 3036	2988	rundll32.exe	28
PID 2988 wrote to memory of 3036	2988	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.6cd71f3063804d66f9bab4db02305ab0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.6cd71f3063804d66f9bab4db02305ab0_JC.dll,#1
  2⤵
  PID:3036