11381fda123c7b6c4b5370c1c9a6c695f9df2a394aed5220768552d7ca87e24d

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 03:17

Target

b7789f6520aa1cd4d096badd7f8bb0a0_NEIKI.dll
Size

436KB
MD5

b7789f6520aa1cd4d096badd7f8bb0a0
SHA1

1d91ef1ab957b22f53243ee939712cee8a0d5048
SHA256

11381fda123c7b6c4b5370c1c9a6c695f9df2a394aed5220768552d7ca87e24d
SHA512

37f5ea98c70bb2c51484ba83790f279399e393cc45245892658e6305f73607f5ad054e7b72cabf5704dacd92429473400339b7a538e712c0f9a9b4da1d9e3af1
SSDEEP

12288:xKp1z/7/L/f7G/7/L/fA/7/L/fo9t22Un2e:Qz/7/L/jG/7/L/I/7/L/4twnh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2232	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2232	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2232	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2232	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2232	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2232	3032	regsvr32.exe	28
PID 3032 wrote to memory of 2232	3032	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b7789f6520aa1cd4d096badd7f8bb0a0_NEIKI.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b7789f6520aa1cd4d096badd7f8bb0a0_NEIKI.dll
  2⤵
  PID:2232