faed68768490460c353d4cde4e392c87ddef795c9bebc952c06ea19a86ce359a

Analysis

max time kernel
138s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 11:07

Target

5183496dda909f1fa2d23d4c7c9254d0_NEAS.dll
Size

5KB
MD5

5183496dda909f1fa2d23d4c7c9254d0
SHA1

5ed687bbf376f739ae92fce975de6f91e452ea5d
SHA256

faed68768490460c353d4cde4e392c87ddef795c9bebc952c06ea19a86ce359a
SHA512

760a47cf0758e74d4b9460b8f03c4515c4a359f49376ecd7f0c2ae84d32c5bebfb349db901282641d15292467f1d98b325b20204ec2f4e81f16161864f0e0adf
SSDEEP

96:nEY2RrF1eqwi4nV7QTId4SL7/tK9emjYo71edN9E:EHRh1eppNQMmc/tK9eKI9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 3492	4572	rundll32.exe	82
PID 4572 wrote to memory of 3492	4572	rundll32.exe	82
PID 4572 wrote to memory of 3492	4572	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5183496dda909f1fa2d23d4c7c9254d0_NEAS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5183496dda909f1fa2d23d4c7c9254d0_NEAS.dll,#1
  2⤵
  PID:3492