1a3e7dc4d693f87ea326bb2617c6be147d557ad4754c90842228b39b33847cb5

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 08:20

Target

NEAS.e3d7cb54705b04ee8cbfdcd21c00f1c0.dll
Size

64KB
MD5

e3d7cb54705b04ee8cbfdcd21c00f1c0
SHA1

ef6ccdc635e2f2ce8d5cb28ab5524a5084b0b304
SHA256

1a3e7dc4d693f87ea326bb2617c6be147d557ad4754c90842228b39b33847cb5
SHA512

af0f35a073aab4c6437f61d5021d2c30f3fdaf6a05a55d432f458c5d2e27f87011bd1e57b2e2f36480008d9b46afc10efb78d39488708ea5c15c1ea51e957f5c
SSDEEP

768:8k7yJU3ohORXi5gsTDkkjkb/T1q3m5loupgkT8RTtd54JpZlnuewJLo2zJ46wLD:8kzXz8Dk0kbwCosgR5oZlnuJtzJ46

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 1712	2812	regsvr32.exe	28
PID 2812 wrote to memory of 1712	2812	regsvr32.exe	28
PID 2812 wrote to memory of 1712	2812	regsvr32.exe	28
PID 2812 wrote to memory of 1712	2812	regsvr32.exe	28
PID 2812 wrote to memory of 1712	2812	regsvr32.exe	28
PID 2812 wrote to memory of 1712	2812	regsvr32.exe	28
PID 2812 wrote to memory of 1712	2812	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.e3d7cb54705b04ee8cbfdcd21c00f1c0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.e3d7cb54705b04ee8cbfdcd21c00f1c0.dll
  2⤵
  PID:1712