813ba9ec2c2e19176da745ea342b1db82987d5ce65496c0e979b95aa3f7154b8

Analysis

max time kernel
141s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:12

Target

NEAS.06b9c49c5988260302614af72e2c5150.dll
Size

436KB
MD5

06b9c49c5988260302614af72e2c5150
SHA1

f44a4c0e55f179cff2d3da775c1f90bb667a673d
SHA256

813ba9ec2c2e19176da745ea342b1db82987d5ce65496c0e979b95aa3f7154b8
SHA512

e192c8fa6144595239534cf9095aa284a7d10eed994eaf86be7e46dfec56bb4dd391fe2f36bd5fc41d9dc4de0b28c0fa1d53af86fe61fba77e7bcd8b8b79da03
SSDEEP

6144:YxPTYhPTXnb9Gde0aFNJ0DgealVRA89dvqX9ZZghEtEM9pZlgApJuj0x16ytwzYw:6P0hPTXnb9GdeTFNJG4VRoQOPRpvM8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 5040	3248	regsvr32.exe	88
PID 3248 wrote to memory of 5040	3248	regsvr32.exe	88
PID 3248 wrote to memory of 5040	3248	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.06b9c49c5988260302614af72e2c5150.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.06b9c49c5988260302614af72e2c5150.dll
  2⤵
  PID:5040