9f8b39e8e163ffc3f33e5bf75700d142b309a2b45acf43101c7b93f9f3c5bb72

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:16

Target

5ffe5bc6c5d1f5004b6322c134036640_NeikiAnalytics.dll
Size

84KB
MD5

5ffe5bc6c5d1f5004b6322c134036640
SHA1

dc55a7088273755a7f78880263c288afa7868410
SHA256

9f8b39e8e163ffc3f33e5bf75700d142b309a2b45acf43101c7b93f9f3c5bb72
SHA512

99ff237c98a2a06c2ce4175776a413c67a906714a73d7b7c91273b6f72ae164cf08888d0bf2b65c00c1a072a2e9c9582fee92b853e630a49626f73f683993bc5
SSDEEP

1536:dwBHkpc3QzO4edM3/OkDz0X5oAZICgj98r0hFZ7:d5EQzR93UpowICgj98sZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2072 wrote to memory of 2224	2072	regsvr32.exe	regsvr32.exe
PID 2072 wrote to memory of 2224	2072	regsvr32.exe	regsvr32.exe
PID 2072 wrote to memory of 2224	2072	regsvr32.exe	regsvr32.exe
PID 2072 wrote to memory of 2224	2072	regsvr32.exe	regsvr32.exe
PID 2072 wrote to memory of 2224	2072	regsvr32.exe	regsvr32.exe
PID 2072 wrote to memory of 2224	2072	regsvr32.exe	regsvr32.exe
PID 2072 wrote to memory of 2224	2072	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5ffe5bc6c5d1f5004b6322c134036640_NeikiAnalytics.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2072

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\5ffe5bc6c5d1f5004b6322c134036640_NeikiAnalytics.dll
2⤵
PID:2224