5201a9891e829f25af7a383e8c59cf3ed4a3ac5524343d143f9f5ffa08ad572f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 11:16

Target

3246b2fbb7f6e7d581e0852c4bb93350_NeikiAnalytics.dll
Size

172KB
MD5

3246b2fbb7f6e7d581e0852c4bb93350
SHA1

5a1f3b461333f42f23a505256374c2a6ca1f4c81
SHA256

5201a9891e829f25af7a383e8c59cf3ed4a3ac5524343d143f9f5ffa08ad572f
SHA512

882722e181546b5a5f233c7f6748a8c803881b5bcb14094df3dcc250cb87c4680e85f74a3c4f82b61a51fddc41c738ca8be1ea30310e5b1d8810c4b37d47fec9
SSDEEP

3072:JuEmbOQJSMtMTKfsmJND9bXO0iIUWPi1gRb8EXKogkt9uMumX:JudbOQJSMtM9ID9bydWPnblZt94mX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2196	2820	regsvr32.exe	28
PID 2820 wrote to memory of 2196	2820	regsvr32.exe	28
PID 2820 wrote to memory of 2196	2820	regsvr32.exe	28
PID 2820 wrote to memory of 2196	2820	regsvr32.exe	28
PID 2820 wrote to memory of 2196	2820	regsvr32.exe	28
PID 2820 wrote to memory of 2196	2820	regsvr32.exe	28
PID 2820 wrote to memory of 2196	2820	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3246b2fbb7f6e7d581e0852c4bb93350_NeikiAnalytics.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3246b2fbb7f6e7d581e0852c4bb93350_NeikiAnalytics.dll
  2⤵
  PID:2196