0ac7896db6986d97e9d97d7e52d183a5fdf3d57c4e932bfedc596c695c10d69f

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 20:26

Target

998fea7a62f920ac535d65d3ba984b30_NeikiAnalytics.exe
Size

107KB
MD5

998fea7a62f920ac535d65d3ba984b30
SHA1

1cece8a80497dff1eb6bb8b6a76bcd434029e8e4
SHA256

0ac7896db6986d97e9d97d7e52d183a5fdf3d57c4e932bfedc596c695c10d69f
SHA512

3f6b1a3d535819422bb3f9f98c5a96fdd1f1b31bb4b34ff736a5fb392c5359f272bb1ff69928a890a97ae587d54cd0d4479d23ae8ba4f34765d243414fb6fb9b
SSDEEP

3072:REhLjKs6CnK4cT6HKBmg0crZA2fdmpmtxmfp:WjKmcWvcri2fdKf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2180	2072	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2072	1976	regsvr32.exe	28
PID 1976 wrote to memory of 2072	1976	regsvr32.exe	28
PID 1976 wrote to memory of 2072	1976	regsvr32.exe	28
PID 1976 wrote to memory of 2072	1976	regsvr32.exe	28
PID 1976 wrote to memory of 2072	1976	regsvr32.exe	28
PID 1976 wrote to memory of 2072	1976	regsvr32.exe	28
PID 1976 wrote to memory of 2072	1976	regsvr32.exe	28
PID 2072 wrote to memory of 2180	2072	regsvr32.exe	29
PID 2072 wrote to memory of 2180	2072	regsvr32.exe	29
PID 2072 wrote to memory of 2180	2072	regsvr32.exe	29
PID 2072 wrote to memory of 2180	2072	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\998fea7a62f920ac535d65d3ba984b30_NeikiAnalytics.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\998fea7a62f920ac535d65d3ba984b30_NeikiAnalytics.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 292
    3⤵
    - Program crash
    PID:2180