4144d3ce160bb2b2df873109a1e9643fd4d5355ec7023580d54e67b9a23848c0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 04:39

Target

77838489b0a9c9e968bdc71a19ffe900_NeikiAnalytics.exe
Size

107KB
MD5

77838489b0a9c9e968bdc71a19ffe900
SHA1

7b7885370773dede2bc45583a78aa6f461f12343
SHA256

4144d3ce160bb2b2df873109a1e9643fd4d5355ec7023580d54e67b9a23848c0
SHA512

c42119002d47de9c99aa6e3558e59dffbcf6300269866d4015981a86aaf28f086f3c09aaba7eb5b21cf21228cd796ec883f4be5854f42c0aff4476547c80c28e
SSDEEP

3072:REhLjKR6CnK4cT6HKBmg0crZA2fdmpmt3mfp:WjKjcWvcri2fdKN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
552	2028	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2028	1244	regsvr32.exe	28
PID 1244 wrote to memory of 2028	1244	regsvr32.exe	28
PID 1244 wrote to memory of 2028	1244	regsvr32.exe	28
PID 1244 wrote to memory of 2028	1244	regsvr32.exe	28
PID 1244 wrote to memory of 2028	1244	regsvr32.exe	28
PID 1244 wrote to memory of 2028	1244	regsvr32.exe	28
PID 1244 wrote to memory of 2028	1244	regsvr32.exe	28
PID 2028 wrote to memory of 552	2028	regsvr32.exe	29
PID 2028 wrote to memory of 552	2028	regsvr32.exe	29
PID 2028 wrote to memory of 552	2028	regsvr32.exe	29
PID 2028 wrote to memory of 552	2028	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\77838489b0a9c9e968bdc71a19ffe900_NeikiAnalytics.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\77838489b0a9c9e968bdc71a19ffe900_NeikiAnalytics.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 292
    3⤵
    - Program crash
    PID:552