06b823579380e1145a881c728516a914eb0dd148cda59d720de337622d459f13

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 12:41

Target

542808b3489b76e0db06282935f44630_NeikiAnalytics.exe
Size

106KB
MD5

542808b3489b76e0db06282935f44630
SHA1

ebaf9fcf6911d8f414468fc7ddbfb5ca5a6dbb27
SHA256

06b823579380e1145a881c728516a914eb0dd148cda59d720de337622d459f13
SHA512

ad4a299bc11bd3270e7a7fcc2934d8842df2944a64c58ed8419228983e491ece3301e75adc2016415e426f2c4214a70dfaa464c52f3c5fcc946e9b6e07499e6c
SSDEEP

3072:g/Pdl6o/KfWQeOCKWmgXGN69Rz2mmpmVj:Il9QROV2mK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3140	4608	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 4608	2788	regsvr32.exe	84
PID 2788 wrote to memory of 4608	2788	regsvr32.exe	84
PID 2788 wrote to memory of 4608	2788	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\542808b3489b76e0db06282935f44630_NeikiAnalytics.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\542808b3489b76e0db06282935f44630_NeikiAnalytics.exe
  2⤵
  PID:4608
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 600
    3⤵
    - Program crash
    PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4608 -ip 4608
1⤵
PID:4064