cb8e8c536e745e0b871ce8815b51606b841ac6d0146b754baf63e3ee0fd34faf

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2022, 06:43

Target

decoded_beacon.dll
Size

278KB
MD5

03e0e300edfcc98afc4db0e0bb94e8af
SHA1

0c24da4242873ef96503aa9f5c23a9a99486c798
SHA256

cb8e8c536e745e0b871ce8815b51606b841ac6d0146b754baf63e3ee0fd34faf
SHA512

dbd0ab7f35f132ada2d03823f8a3d34f3784fbb1edadb2654325c1c98ca19135421526cfeeba0c6ec17ea4f7c2a4b84c363c946b7cc40d8a1a49243e71269c66
SSDEEP

3072:GlqJi87VEha/4JldqAAKYixuzDssywB3mQfmSJaykpRIK5iJRXrA78SNXHXtfaSp:dVEfJmwYiuDssywB3mQkOJdSfaSjt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4868	4712	regsvr32.exe	78
PID 4712 wrote to memory of 4868	4712	regsvr32.exe	78
PID 4712 wrote to memory of 4868	4712	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\decoded_beacon.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\decoded_beacon.dll
  2⤵
  PID:4868