0f8f25644228190a6a397808bd03226367068d4962a08e0533a4243df61c9e4e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 05:26

Target

7906ff6ae5f5b93de6cb8fbb8aa73510_NeikiAnalytics.dll
Size

216KB
MD5

7906ff6ae5f5b93de6cb8fbb8aa73510
SHA1

e542dfdffabb869990ff5a23735a8e635209af64
SHA256

0f8f25644228190a6a397808bd03226367068d4962a08e0533a4243df61c9e4e
SHA512

fa59e35b475af900ca6c363fc9bb649f3ab1c44b271ea5075de23ff07bcec09316c906078e9f0d62b4702d2a5bc239a0b1115fb69f6ea386252a3b0c12f554c6
SSDEEP

3072:TRq+AgxXk4iAfCeelBOAMCGhHgKDE+xH1E5XT:TRq+nXkMCeelGhAmxH1U

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1660	1756	regsvr32.exe	28
PID 1756 wrote to memory of 1660	1756	regsvr32.exe	28
PID 1756 wrote to memory of 1660	1756	regsvr32.exe	28
PID 1756 wrote to memory of 1660	1756	regsvr32.exe	28
PID 1756 wrote to memory of 1660	1756	regsvr32.exe	28
PID 1756 wrote to memory of 1660	1756	regsvr32.exe	28
PID 1756 wrote to memory of 1660	1756	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7906ff6ae5f5b93de6cb8fbb8aa73510_NeikiAnalytics.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7906ff6ae5f5b93de6cb8fbb8aa73510_NeikiAnalytics.dll
  2⤵
  PID:1660