989d06753f62ff33b4ede99bfd7686b6ce9050e862ae8f18205f42288b824834

Analysis

max time kernel
90s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 02:17

Target

83119a89146b070b7955a35a06fca9f0_NeikiAnalytics.dll
Size

798KB
MD5

83119a89146b070b7955a35a06fca9f0
SHA1

37d9a4ecf797d6178e945b43695bbc00e0d13647
SHA256

989d06753f62ff33b4ede99bfd7686b6ce9050e862ae8f18205f42288b824834
SHA512

46f1d9aa01507859857310326d56d3be25563d638b3e0dfe9d7f8484e36ba689e59d0153d69404f9c0969cd31c8369b33ee37d86c757fa8a3bb085a88c9417f2
SSDEEP

6144:VXNF5xsTq1v6AS1LP61xSn5hYYn/68nyaMsSDD/kpT8BIMvS3LStqhlbFIKiaT/0:VX5xsov6tzUpBIJzgH6/dHK7nyCl9r

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 2732	3912	regsvr32.exe	84
PID 3912 wrote to memory of 2732	3912	regsvr32.exe	84
PID 3912 wrote to memory of 2732	3912	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\83119a89146b070b7955a35a06fca9f0_NeikiAnalytics.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\83119a89146b070b7955a35a06fca9f0_NeikiAnalytics.dll
  2⤵
  PID:2732