71ae56bc936ee8e68d979bed53bae2fd8f6e0f72c3d5b741699d10638910907d

Analysis

max time kernel
91s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 14:33

Target

NEAS.110d6436ac0693f2e6942b20d0b2de80_JC.dll
Size

407KB
MD5

110d6436ac0693f2e6942b20d0b2de80
SHA1

736eb8ea3783cbd4c156317df2b24753bb60f881
SHA256

71ae56bc936ee8e68d979bed53bae2fd8f6e0f72c3d5b741699d10638910907d
SHA512

6ded491b37afab0336c00489a1145c585bab50e7e4879aefe8007fa92e1a4efff4033f70144b450c6db899e9aea9e406e0c4b3deb8f50a55a12a003bcbfc575d
SSDEEP

12288:mf7ADO4CjfC/JA2BnuHWiF7tFOPB2Dj23Sz:k0O4CTC2au2YZFOPBMj1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1224	216	regsvr32.exe	81
PID 216 wrote to memory of 1224	216	regsvr32.exe	81
PID 216 wrote to memory of 1224	216	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.110d6436ac0693f2e6942b20d0b2de80_JC.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.110d6436ac0693f2e6942b20d0b2de80_JC.dll
  2⤵
  PID:1224

memory/1224-1-0x0000000002D80000-0x0000000002DC0000-memory.dmp

Filesize
256KB

Download
memory/1224-0-0x0000000002D80000-0x0000000002DC0000-memory.dmp

Filesize
256KB

Download