c0f762064126f7820d9b108ca116aa15464040cc4fafe2a01066fd8aa3c48f1c

Analysis

max time kernel
132s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 13:17

Target

9b391a37bb97b3de2632124801bd4970_NEAS.dll
Size

7KB
MD5

9b391a37bb97b3de2632124801bd4970
SHA1

56099febd45fb24e017a5b65cbbe108f04cd76cc
SHA256

c0f762064126f7820d9b108ca116aa15464040cc4fafe2a01066fd8aa3c48f1c
SHA512

2e6173d6af5872b060ec405e0c5a45dd0640ebb3b0c68f485870553d006a6fbdb6b4224422bea8d808a18ea9e8b5d85f7b576a8d8aef98bbdf11a2a55867b02d
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIhHnymbx4rsnrSolebFLX5QQNIO:unSR6bgYIymbGrsnubpXiqIO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 1804	4928	rundll32.exe	83
PID 4928 wrote to memory of 1804	4928	rundll32.exe	83
PID 4928 wrote to memory of 1804	4928	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b391a37bb97b3de2632124801bd4970_NEAS.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b391a37bb97b3de2632124801bd4970_NEAS.dll,#1
  2⤵
  PID:1804