6fca6dfa21e62e8d47beaf9711f205c83464381ea66a070ad7cd5c448c92eb0d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 06:40

Target

84d16576d4f0d5835eef3f59830a9880_NEAS.dll
Size

80KB
MD5

84d16576d4f0d5835eef3f59830a9880
SHA1

be9d55b82a3f57047eaf993a974ecb185fe04b55
SHA256

6fca6dfa21e62e8d47beaf9711f205c83464381ea66a070ad7cd5c448c92eb0d
SHA512

b79c8aff02872fa59e2e4b6e2a79c464b8dc60f180b5e30b2d700be44301198a9e5aec55043b71ff20583bafe7993f63517f4692e72778fd53f39cae6aae402c
SSDEEP

1536:NSk4b/VMpZu/jF3iYGVcHmeBVlGQhJw7QfG/+Vg0k1f1OcWJq6FR:5mtMyF3iPVtKhK7qG/+/k1f1OcWJq6v

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2088	2488	rundll32.exe	28
PID 2488 wrote to memory of 2088	2488	rundll32.exe	28
PID 2488 wrote to memory of 2088	2488	rundll32.exe	28
PID 2488 wrote to memory of 2088	2488	rundll32.exe	28
PID 2488 wrote to memory of 2088	2488	rundll32.exe	28
PID 2488 wrote to memory of 2088	2488	rundll32.exe	28
PID 2488 wrote to memory of 2088	2488	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\84d16576d4f0d5835eef3f59830a9880_NEAS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\84d16576d4f0d5835eef3f59830a9880_NEAS.dll,#1
  2⤵
  PID:2088

memory/2088-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download