9de85daa34112182335c4ece80fdf538b682f7bd948b7c11381464c7d83fe513

Analysis

max time kernel
92s
max time network
55s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 19:11

Target

NEAS.c1775a91deca477e52b40e5a50c8bf80.dll
Size

3.3MB
MD5

c1775a91deca477e52b40e5a50c8bf80
SHA1

dbe6726b8b6dca457a41d7b063c0e6cd5cdd166d
SHA256

9de85daa34112182335c4ece80fdf538b682f7bd948b7c11381464c7d83fe513
SHA512

ddd2c88ac8a0aab010336c828733a3f1233f687d5d6afb3e2c58d4a1e34a3af2b32e28af5264f7860a3db7db324dd18e6a6f1f44404756504d0ee6ab5929c1b1
SSDEEP

24576:Tlpr5w0SbWj3u27L/nPQsf0gX2ngGBAs++A42494k4RRk4k44Vk9Kk4k44+k9f4C:e0SbyZ7L/nLcX++u/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2688	3004	regsvr32.exe	27
PID 3004 wrote to memory of 2688	3004	regsvr32.exe	27
PID 3004 wrote to memory of 2688	3004	regsvr32.exe	27
PID 3004 wrote to memory of 2688	3004	regsvr32.exe	27
PID 3004 wrote to memory of 2688	3004	regsvr32.exe	27
PID 3004 wrote to memory of 2688	3004	regsvr32.exe	27
PID 3004 wrote to memory of 2688	3004	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.c1775a91deca477e52b40e5a50c8bf80.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.c1775a91deca477e52b40e5a50c8bf80.dll
  2⤵
  PID:2688