a6100c0b632771911272d6fb576dfef291d81c4d719a78228363c058b69fd197

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:36

Target

41c576d0c22e48e3e625d379df4c42a0_NeikiAnalytics.dll
Size

1.8MB
MD5

41c576d0c22e48e3e625d379df4c42a0
SHA1

3ad1bff519a0d6f4b80e211df6cb74fc6ff45c0f
SHA256

a6100c0b632771911272d6fb576dfef291d81c4d719a78228363c058b69fd197
SHA512

323259d4465d2c5713711e1f7bde6393663a3ab3aea256277fd81c37d1ea58c332f0713557dbb1af6adc44892ceb8547490134f146df60708f8eb244a10f668f
SSDEEP

12288:dfpFnFMFFKX7vqE1DMN4n2p7sz6MAj09IXuFsLBZs4f6UYfqyTilhGCQE2fO:BZX7vqE1DMh4ez/uqLrs4CNShGq2O

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2372 wrote to memory of 2544	2372	regsvr32.exe	regsvr32.exe
PID 2372 wrote to memory of 2544	2372	regsvr32.exe	regsvr32.exe
PID 2372 wrote to memory of 2544	2372	regsvr32.exe	regsvr32.exe
PID 2372 wrote to memory of 2544	2372	regsvr32.exe	regsvr32.exe
PID 2372 wrote to memory of 2544	2372	regsvr32.exe	regsvr32.exe
PID 2372 wrote to memory of 2544	2372	regsvr32.exe	regsvr32.exe
PID 2372 wrote to memory of 2544	2372	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\41c576d0c22e48e3e625d379df4c42a0_NeikiAnalytics.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\41c576d0c22e48e3e625d379df4c42a0_NeikiAnalytics.dll
  2⤵
  PID:2544