bf86d26b13060d221e90a9dbeea19ec551c2f2d8cf36b1bba4c470438490ca94

Analysis

max time kernel
133s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 04:10

Target

62f777947e57ec722a66aa94696b0b90_NEAS.dll
Size

5KB
MD5

62f777947e57ec722a66aa94696b0b90
SHA1

4bee54223ec99d576a3579f95ee8d6d8c13aa9aa
SHA256

bf86d26b13060d221e90a9dbeea19ec551c2f2d8cf36b1bba4c470438490ca94
SHA512

4ecae4b9e5ccb2757ffe3623279d7b523f74a78f6e48f2e51f0cd6007ca97f8faae883122915211806598bbc4edff09c124c394362e2db91dd8fbdba502be4f0
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqJAYVkUBiwt9849je2zLDzVJIcnwz568k6I:hy859x0P8MaJNV9U1Qkcn0Zk3Bjfle

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 2676	4920	rundll32.exe	84
PID 4920 wrote to memory of 2676	4920	rundll32.exe	84
PID 4920 wrote to memory of 2676	4920	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62f777947e57ec722a66aa94696b0b90_NEAS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62f777947e57ec722a66aa94696b0b90_NEAS.dll,#1
  2⤵
  PID:2676