d53760f432d94f2a69f068f50d8f2475a5487ea334696bd4022cea198cf16566

Analysis

max time kernel
84s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 00:05

Target

NEAS.7d35e0ff7295b2d3c7c1160734c5b1f0_JC.dll
Size

321KB
MD5

7d35e0ff7295b2d3c7c1160734c5b1f0
SHA1

fb9375714a2083cb6eaea7517c905b29e233d5ab
SHA256

d53760f432d94f2a69f068f50d8f2475a5487ea334696bd4022cea198cf16566
SHA512

509ba90dc8e15d5b4b80068286f1bb3d5b3b0db0300277fe3d1f83a03ef8a40dc5eba4944aa6a5a6b5eff35ffa509c3364aa1392f8abd149b8c24c19d3939f55
SSDEEP

6144:rPLKhyZnX0WUC1ammr41lcyDxMS4L8bU61rbACTM0rd/JuvZk0wXu+m9j+mzMnfG:DYG3AId/0vZye+momg3lBjvrEH7r

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 4136	1808	regsvr32.exe	81
PID 1808 wrote to memory of 4136	1808	regsvr32.exe	81
PID 1808 wrote to memory of 4136	1808	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.7d35e0ff7295b2d3c7c1160734c5b1f0_JC.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.7d35e0ff7295b2d3c7c1160734c5b1f0_JC.dll
  2⤵
  PID:4136