b026b44a9b945661d99d398ffb109e185acabc7b6fe73a87b860059b8aad3043 | Triage

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:27

Sharing

Report Analysis Logs

General

Target

NEAS.88900b8912a56d94f2693546ec628af0.dll
Size

144KB
MD5

88900b8912a56d94f2693546ec628af0
SHA1

d03ee17b820ea05342834ed93d14b76460d8dc5f
SHA256

b026b44a9b945661d99d398ffb109e185acabc7b6fe73a87b860059b8aad3043
SHA512

eac2172b936acfc0fa33e336e8dcc7da375f1ab470b30d97e88d08f76ae1aa790bc983d41f89864a662d15b5b7961dab0e6c6efa9cae3eace10c8d292ac644b2
SSDEEP

3072:UQc/ahY0E/Y/zFd+oaak40GTyDbOQWOAXO9:UQxEOd+ofkzZOQWOAX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 4340	824	regsvr32.exe	83
PID 824 wrote to memory of 4340	824	regsvr32.exe	83
PID 824 wrote to memory of 4340	824	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.88900b8912a56d94f2693546ec628af0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:824
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.88900b8912a56d94f2693546ec628af0.dll
  2⤵
  PID:4340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads