8bd2482ee3b0a5661741314af6f82bbd255b2b6c603c6f3e30bf3e452ce126b1

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 16:31

Target

8d6aa5b345221f8409428014222754f0_NeikiAnalytics.dll
Size

81KB
MD5

8d6aa5b345221f8409428014222754f0
SHA1

2f27b2e59440667b748c40df57f8bba05bb7bade
SHA256

8bd2482ee3b0a5661741314af6f82bbd255b2b6c603c6f3e30bf3e452ce126b1
SHA512

2a9564ec05875980faf5a80462e66420ed93cd694c9ff24a81876ca6986e3105e40397bb0b75b64f7d714a6b83dc6a1e6db495a36f4568a003ca8c97f8316221
SSDEEP

1536:PByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WM:ev4JKXTx71wnArSsXFpeXq8WM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 1900	1360	rundll32.exe	28
PID 1360 wrote to memory of 1900	1360	rundll32.exe	28
PID 1360 wrote to memory of 1900	1360	rundll32.exe	28
PID 1360 wrote to memory of 1900	1360	rundll32.exe	28
PID 1360 wrote to memory of 1900	1360	rundll32.exe	28
PID 1360 wrote to memory of 1900	1360	rundll32.exe	28
PID 1360 wrote to memory of 1900	1360	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d6aa5b345221f8409428014222754f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d6aa5b345221f8409428014222754f0_NeikiAnalytics.dll,#1
  2⤵
  PID:1900