7ddce712527f08a7be9d6f39c816f27765aa2af8d85662c70f512c8ccb468c0b | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
18-11-2023 01:28

Sharing

Report Analysis Logs

General

Target

NEAS.5acd9b9fc6e55a848dac412cbd364b20.dll
Size

520KB
MD5

5acd9b9fc6e55a848dac412cbd364b20
SHA1

702d5eabbfb836c7b8c557e8b380176db45343cf
SHA256

7ddce712527f08a7be9d6f39c816f27765aa2af8d85662c70f512c8ccb468c0b
SHA512

fefa023d19ffa13003f2de2016540cc10b0bb1d88d9a9ed38c05b1ddb72352f31831a60cacc5607524f2b5b20a079d1ca84ed78794ec095e21b07b3390f2d532
SSDEEP

12288:IG25gV2z6//TZMAS6zNKmn1UBjvrEH7Yf:IGzV2zSZMAtNcrEH7S

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2212	2448	regsvr32.exe	28
PID 2448 wrote to memory of 2212	2448	regsvr32.exe	28
PID 2448 wrote to memory of 2212	2448	regsvr32.exe	28
PID 2448 wrote to memory of 2212	2448	regsvr32.exe	28
PID 2448 wrote to memory of 2212	2448	regsvr32.exe	28
PID 2448 wrote to memory of 2212	2448	regsvr32.exe	28
PID 2448 wrote to memory of 2212	2448	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.5acd9b9fc6e55a848dac412cbd364b20.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NEAS.5acd9b9fc6e55a848dac412cbd364b20.dll
  2⤵
  PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads