cb8e8c536e745e0b871ce8815b51606b841ac6d0146b754baf63e3ee0fd34faf

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24/12/2022, 06:43

Target

decoded_beacon.dll
Size

278KB
MD5

03e0e300edfcc98afc4db0e0bb94e8af
SHA1

0c24da4242873ef96503aa9f5c23a9a99486c798
SHA256

cb8e8c536e745e0b871ce8815b51606b841ac6d0146b754baf63e3ee0fd34faf
SHA512

dbd0ab7f35f132ada2d03823f8a3d34f3784fbb1edadb2654325c1c98ca19135421526cfeeba0c6ec17ea4f7c2a4b84c363c946b7cc40d8a1a49243e71269c66
SSDEEP

3072:GlqJi87VEha/4JldqAAKYixuzDssywB3mQfmSJaykpRIK5iJRXrA78SNXHXtfaSp:dVEfJmwYiuDssywB3mQkOJdSfaSjt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 1808	1396	regsvr32.exe	28
PID 1396 wrote to memory of 1808	1396	regsvr32.exe	28
PID 1396 wrote to memory of 1808	1396	regsvr32.exe	28
PID 1396 wrote to memory of 1808	1396	regsvr32.exe	28
PID 1396 wrote to memory of 1808	1396	regsvr32.exe	28
PID 1396 wrote to memory of 1808	1396	regsvr32.exe	28
PID 1396 wrote to memory of 1808	1396	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\decoded_beacon.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\decoded_beacon.dll
  2⤵
  PID:1808

memory/1396-54-0x000007FEFC3C1000-0x000007FEFC3C3000-memory.dmp

Filesize
8KB

Download
memory/1808-56-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download