7cf46695bb878de7eb846ea1d074276fa2d2cd9bf5f1a3360800378cbd97fe8b

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 12:56

Target

e72879893ddf794e9a4ffdad3437e4e0_NeikiAnalytics.dll
Size

24KB
MD5

e72879893ddf794e9a4ffdad3437e4e0
SHA1

4824676f9abf3d2cdb4f3985eb5c83f815a8430c
SHA256

7cf46695bb878de7eb846ea1d074276fa2d2cd9bf5f1a3360800378cbd97fe8b
SHA512

2780c2b386afcc049a2c7e0f227b07d3c8f5881598253b367e90a2598891ff38cde123e6d0a488046bf602cbaf8897f7ce040326a2864f6c7d93daf72c2775c1
SSDEEP

48:qbW2zp4kCzoDlUDHQOHtPj33rRxuQGjDvarx+1huyI81GLYtHqPjY/pR:BkbZ1ON3RJG/i8nIdLMKK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2224	3056	rundll32.exe	28
PID 3056 wrote to memory of 2224	3056	rundll32.exe	28
PID 3056 wrote to memory of 2224	3056	rundll32.exe	28
PID 3056 wrote to memory of 2224	3056	rundll32.exe	28
PID 3056 wrote to memory of 2224	3056	rundll32.exe	28
PID 3056 wrote to memory of 2224	3056	rundll32.exe	28
PID 3056 wrote to memory of 2224	3056	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72879893ddf794e9a4ffdad3437e4e0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72879893ddf794e9a4ffdad3437e4e0_NeikiAnalytics.dll,#1
  2⤵
  PID:2224