e00dbdc4515073dee7238df135996c5c498f1cac0e4681e949913a1991845d37

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
04-11-2023 09:20

Target

NEAS.02d6b85bacacc7785dfa4f82eac722b0_JC.dll
Size

444KB
MD5

02d6b85bacacc7785dfa4f82eac722b0
SHA1

635bda67306c688c912f7c4bbf979cbdd4125f0e
SHA256

e00dbdc4515073dee7238df135996c5c498f1cac0e4681e949913a1991845d37
SHA512

6c7b4b4d0294b10a875ac825ccd10d11e367b1cd04c5d3f35b6a27357ea19c59dedc2da9d874f5977a5fd8b0ab5867b51e2c0ae2bf758580084bc19d45039bac
SSDEEP

6144:N0LOtjT4ON5qWfUb5w/vNSIYaaVwJxsyRdaGXvIs4KbH7yh:NV7fUd2vNSI9acxsyRLfI5cH7y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2092	2096	regsvr32.exe	28
PID 2096 wrote to memory of 2092	2096	regsvr32.exe	28
PID 2096 wrote to memory of 2092	2096	regsvr32.exe	28
PID 2096 wrote to memory of 2092	2096	regsvr32.exe	28
PID 2096 wrote to memory of 2092	2096	regsvr32.exe	28
PID 2096 wrote to memory of 2092	2096	regsvr32.exe	28
PID 2096 wrote to memory of 2092	2096	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.02d6b85bacacc7785dfa4f82eac722b0_JC.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.02d6b85bacacc7785dfa4f82eac722b0_JC.dll
  2⤵
  PID:2092

memory/2092-0-0x0000000010000000-0x0000000010073000-memory.dmp

Filesize
460KB

Download