96a816c7b95a26e7bd93e0df3963075bbd4fba05f677755eececd953db0b6fc8

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 23:05

Target

0b66deb7d24246bcc44220df51ae4540_NeikiAnalytics.dll
Size

664KB
MD5

0b66deb7d24246bcc44220df51ae4540
SHA1

d8399ee6b34a95e9968acff978e574b9c3c91353
SHA256

96a816c7b95a26e7bd93e0df3963075bbd4fba05f677755eececd953db0b6fc8
SHA512

37fa61918fa3c7edfdae6b650f953bda898cdbb9b6a59387c00f45df867261dc07c8d408db1470cbe3948adc868baf87696a569d2e621556600d1d056f3e6f61
SSDEEP

6144:6851GBxx3g3QHeggaeGAzCpFuSU8QqPdr5QD8q6/CD7r7fIMHMSS5SeifZrmpYDs:6/BxlHIGxFuSvz5EQMHi4ZYYDvtxk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 5036	888	regsvr32.exe	81
PID 888 wrote to memory of 5036	888	regsvr32.exe	81
PID 888 wrote to memory of 5036	888	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0b66deb7d24246bcc44220df51ae4540_NeikiAnalytics.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:888
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0b66deb7d24246bcc44220df51ae4540_NeikiAnalytics.dll
  2⤵
  PID:5036