319169e51dd4b0daf9b1f7789679d70791ed1acf92fcba2c0596d84a667e8c9e

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
13-11-2023 02:51

Target

NEAS.11bfb7d14dcf76506fe0b27f5edaf470.dll
Size

1.1MB
MD5

11bfb7d14dcf76506fe0b27f5edaf470
SHA1

2870d8dbfc0b9d7f0ede8ad0c64f64252ce1cb54
SHA256

319169e51dd4b0daf9b1f7789679d70791ed1acf92fcba2c0596d84a667e8c9e
SHA512

e13f27bd3a60d91f459791b88fb97d693313f7ce15d30c3c798512d10e4e585ec39738d948fc19176cba8661fc7ba8b6c582a6ed8d0fb09bbe8816915f30a0ca
SSDEEP

24576:iFDe+T1zY4PABNnCmtfKxhqtyZTbm/KMZvTQaFD43WAp0E7ch:Sy4I/DtTQv3Rp0E7c

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
296	2932	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 2932	1768	rundll32.exe	28
PID 1768 wrote to memory of 2932	1768	rundll32.exe	28
PID 1768 wrote to memory of 2932	1768	rundll32.exe	28
PID 1768 wrote to memory of 2932	1768	rundll32.exe	28
PID 1768 wrote to memory of 2932	1768	rundll32.exe	28
PID 1768 wrote to memory of 2932	1768	rundll32.exe	28
PID 1768 wrote to memory of 2932	1768	rundll32.exe	28
PID 2932 wrote to memory of 296	2932	rundll32.exe	29
PID 2932 wrote to memory of 296	2932	rundll32.exe	29
PID 2932 wrote to memory of 296	2932	rundll32.exe	29
PID 2932 wrote to memory of 296	2932	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.11bfb7d14dcf76506fe0b27f5edaf470.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.11bfb7d14dcf76506fe0b27f5edaf470.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 220
    3⤵
    - Program crash
    PID:296