21c7514fcdbb435d4a59df08b69eae734a6f82135f55f2f24990398e6508f98d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 21:39

Target

04bf32135110bce54c58438d7d7490b0_NeikiAnalytics.dll
Size

6KB
MD5

04bf32135110bce54c58438d7d7490b0
SHA1

b01b26b803ba267f121b5ad86446fc52d6897cd7
SHA256

21c7514fcdbb435d4a59df08b69eae734a6f82135f55f2f24990398e6508f98d
SHA512

104f7cfc5e6e2efc146e7243593077f1efed3601968bfebd636a4b21e15100c5062959e1b33d9494666e392a94a0ff913f0fd2a443463a4c8ad9386e6d6a056b
SSDEEP

192:F5oLQJabENtbXJu/8Zmfz2Yy2RY89HNw:F5mQJabE3Zu/8Zmfz5y2RYoHNw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1252	1700	rundll32.exe	28
PID 1700 wrote to memory of 1252	1700	rundll32.exe	28
PID 1700 wrote to memory of 1252	1700	rundll32.exe	28
PID 1700 wrote to memory of 1252	1700	rundll32.exe	28
PID 1700 wrote to memory of 1252	1700	rundll32.exe	28
PID 1700 wrote to memory of 1252	1700	rundll32.exe	28
PID 1700 wrote to memory of 1252	1700	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04bf32135110bce54c58438d7d7490b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04bf32135110bce54c58438d7d7490b0_NeikiAnalytics.dll,#1
  2⤵
  PID:1252