fc73f2f3ab38b65ddac74aaffc516b1bc059c09a0d0c538d035b24857a84ad9f

Analysis

max time kernel
131s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 06:10

Target

f1059fd74406a20ac34f8a8ad7bc51d0_NEIKI.dll
Size

588KB
MD5

f1059fd74406a20ac34f8a8ad7bc51d0
SHA1

fe2cf20ab019574ca0551424bad2d3d067b0f232
SHA256

fc73f2f3ab38b65ddac74aaffc516b1bc059c09a0d0c538d035b24857a84ad9f
SHA512

8d744bbcdea24fd66332ee5d4b10b0b5d3bef8134e41879f1cbd264606b54196607fa17a97ff7b2ea9671cde80d6c50d46db668f824819fbcaefc728f00c4e8a
SSDEEP

12288:OUeZyznpRe6Q2YTQJrPqg7J54C/JKBjvrEH7HsV:Ozsrre6Q2YwuG/krEH7HsV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 724	668	regsvr32.exe	85
PID 668 wrote to memory of 724	668	regsvr32.exe	85
PID 668 wrote to memory of 724	668	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f1059fd74406a20ac34f8a8ad7bc51d0_NEIKI.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:668
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f1059fd74406a20ac34f8a8ad7bc51d0_NEIKI.dll
  2⤵
  PID:724