728dc1c0a9efc002bfb388c380610c31c352d14cb431a1ccf17963e21232ba68

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 09:24

Target

3d3436056e2262926f9c429f6aeadce0_NeikiAnalytics.exe
Size

108KB
MD5

3d3436056e2262926f9c429f6aeadce0
SHA1

5cac8486527f48e4e6835f7782c51f2327086a14
SHA256

728dc1c0a9efc002bfb388c380610c31c352d14cb431a1ccf17963e21232ba68
SHA512

cf4b07601764bea733a4b4a9c8b6d873114d90331b4aeadbcd4c6d854249aaaf8e8a8c7a6d80fee936183c6c8cb7d957b4317d33400a914057af7df80dad171a
SSDEEP

1536:Vc6DhIk5qgjIlcmzeGmAUxySq8ARDms3EqpG2jdg/PmpmLLG:Vc6Dh/h8lcmz0MRDms3Zw2i3mpmLK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2956	2900	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2900	2880	regsvr32.exe	28
PID 2880 wrote to memory of 2900	2880	regsvr32.exe	28
PID 2880 wrote to memory of 2900	2880	regsvr32.exe	28
PID 2880 wrote to memory of 2900	2880	regsvr32.exe	28
PID 2880 wrote to memory of 2900	2880	regsvr32.exe	28
PID 2880 wrote to memory of 2900	2880	regsvr32.exe	28
PID 2880 wrote to memory of 2900	2880	regsvr32.exe	28
PID 2900 wrote to memory of 2956	2900	regsvr32.exe	29
PID 2900 wrote to memory of 2956	2900	regsvr32.exe	29
PID 2900 wrote to memory of 2956	2900	regsvr32.exe	29
PID 2900 wrote to memory of 2956	2900	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3d3436056e2262926f9c429f6aeadce0_NeikiAnalytics.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3d3436056e2262926f9c429f6aeadce0_NeikiAnalytics.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 292
    3⤵
    - Program crash
    PID:2956