fa005b5316c413341d5e642dfc0d6a09dc714983dfea27b507668a08d1d3ba47

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2023, 11:59

Target

NEAS.a27d4d34b5ab1b8f69fd887f36e259b0.dll
Size

588KB
MD5

a27d4d34b5ab1b8f69fd887f36e259b0
SHA1

4a94171db6ec29927189a19a4142e6703dd156c4
SHA256

fa005b5316c413341d5e642dfc0d6a09dc714983dfea27b507668a08d1d3ba47
SHA512

ef3b3ef005ad6041cea9e8e29d38b73a599f2960ec269be89b64610a48e2d56998483127eb749f52a6340e13cb3505ead7500c1758526b47b561957b08641f95
SSDEEP

768:TS8e8MYY2uXZ9hAVawuStKIZ+2fJcwqVETAz4HMBbsjjRGPZMofpV:fbY2IGe7IZ+nVETAzFs1fof3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 4896	3308	regsvr32.exe	86
PID 3308 wrote to memory of 4896	3308	regsvr32.exe	86
PID 3308 wrote to memory of 4896	3308	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.a27d4d34b5ab1b8f69fd887f36e259b0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.a27d4d34b5ab1b8f69fd887f36e259b0.dll
  2⤵
  PID:4896

memory/4896-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download