387b9eb1be6a3f07b4867b5e0e6dc07d370d9625526d4b3036406beae7672c30

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 06:02

Target

387b9eb1be6a3f07b4867b5e0e6dc07d370d9625526d4b3036406beae7672c30_NeikiAnalytics.dll
Size

188KB
MD5

1c61a15f6c9defa0195afd1db6e5ce40
SHA1

28c08193b1d216c3b7954e305f88130bb5bcb561
SHA256

387b9eb1be6a3f07b4867b5e0e6dc07d370d9625526d4b3036406beae7672c30
SHA512

52d0389a5f0ee9e477c69a833216c3a272344966a4e26ea87419a12989a54b2ce92ba522cc401ba24b76759e39e390a9388af064c4693e3bd1c63a4a0e9e307f
SSDEEP

3072:3GvnIQfNodcSRCfwz6stPR67ZgGzU4fVOgzD98ZyhlSz:2vQcMPRNGzU4fVOg15k

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1972	2068	regsvr32.exe	28
PID 2068 wrote to memory of 1972	2068	regsvr32.exe	28
PID 2068 wrote to memory of 1972	2068	regsvr32.exe	28
PID 2068 wrote to memory of 1972	2068	regsvr32.exe	28
PID 2068 wrote to memory of 1972	2068	regsvr32.exe	28
PID 2068 wrote to memory of 1972	2068	regsvr32.exe	28
PID 2068 wrote to memory of 1972	2068	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\387b9eb1be6a3f07b4867b5e0e6dc07d370d9625526d4b3036406beae7672c30_NeikiAnalytics.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\387b9eb1be6a3f07b4867b5e0e6dc07d370d9625526d4b3036406beae7672c30_NeikiAnalytics.dll
  2⤵
  PID:1972