84b640c900c13585d777d77a60b259829819ca96fd5cc0a6d33b3802ece58a9e | Triage

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2023 17:22

Sharing

Report Analysis Logs

General

Target

NEAS.79a3809d702f14be7d33f4e039b5ae40.dll
Size

1.6MB
MD5

79a3809d702f14be7d33f4e039b5ae40
SHA1

bc034d4fd22255a55e191c05339be517cddf0b92
SHA256

84b640c900c13585d777d77a60b259829819ca96fd5cc0a6d33b3802ece58a9e
SHA512

0134034144a98152e364174999fd5803fdbfeb7b501f5954e89663f2dcf0279116b15424a92f0ba3d1bdf877cdae791cb4eaea264b9d34ed1f3550450ec548ab
SSDEEP

49152:xuh9VLLvXjS+Uk3yd2OluON4fA9uGwmjTDSoqbA+:Ihvfe+Uzw

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 1268	4652	regsvr32.exe	87
PID 4652 wrote to memory of 1268	4652	regsvr32.exe	87
PID 4652 wrote to memory of 1268	4652	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.79a3809d702f14be7d33f4e039b5ae40.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.79a3809d702f14be7d33f4e039b5ae40.dll
  2⤵
  PID:1268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads