9aa2e1f04d0d39523c6c2aebd584b97412324f35439d5b3047a30062cb5f19d7

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 11:52

Target

d7cc8d1fc2920a8c52d58a3227adc800_NeikiAnalytics.dll
Size

684KB
MD5

d7cc8d1fc2920a8c52d58a3227adc800
SHA1

bd978417499df32be2e000f3728fc8623ee7ce00
SHA256

9aa2e1f04d0d39523c6c2aebd584b97412324f35439d5b3047a30062cb5f19d7
SHA512

c253df2a0a7a536fe16b3ca37cb1dce4eb4d8ed45e200662e680ee8a49f2fea229503f51b4b6c71c9e8b5910070f03fc9d31d55ada5d434f4005ed7ee2cd1cf9
SSDEEP

3072:E6X0kzsB0N+pMS+2ByQtdY5hvJ7KHhQeg/p6VwstKC7wRt44ImQWntdaX1GD3WP:E6X0YQ0kW9YokhSp6VwOuPDG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2596	1728	rundll32.exe	28
PID 1728 wrote to memory of 2596	1728	rundll32.exe	28
PID 1728 wrote to memory of 2596	1728	rundll32.exe	28
PID 1728 wrote to memory of 2596	1728	rundll32.exe	28
PID 1728 wrote to memory of 2596	1728	rundll32.exe	28
PID 1728 wrote to memory of 2596	1728	rundll32.exe	28
PID 1728 wrote to memory of 2596	1728	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7cc8d1fc2920a8c52d58a3227adc800_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7cc8d1fc2920a8c52d58a3227adc800_NeikiAnalytics.dll,#1
  2⤵
  PID:2596