f70875d9e6530c7ac40abb8aa19c5a6b7e871e5ec75aa577d015a6df044d3a76

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 06:47

Target

969004c0a3bc5e41d8642658fc047c20_NeikiAnalytics.dll
Size

5KB
MD5

969004c0a3bc5e41d8642658fc047c20
SHA1

77a6d0096b558a35eb95d1505229247d03c5e72d
SHA256

f70875d9e6530c7ac40abb8aa19c5a6b7e871e5ec75aa577d015a6df044d3a76
SHA512

58123441b57ca7221e80542da8da368a575e099dc7444e75e43337a219b666ea6aec68c8c8c26637b119a906d1b9a7159e456a62bf5c644891557718554dd2c9
SSDEEP

96:hy859x0P8MaRxQUwVrAo1EDsdlR/RlSdShFiLN0JC/a8:F5oLeiNEQdlhSdShF2qcC8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2900	2888	rundll32.exe	28
PID 2888 wrote to memory of 2900	2888	rundll32.exe	28
PID 2888 wrote to memory of 2900	2888	rundll32.exe	28
PID 2888 wrote to memory of 2900	2888	rundll32.exe	28
PID 2888 wrote to memory of 2900	2888	rundll32.exe	28
PID 2888 wrote to memory of 2900	2888	rundll32.exe	28
PID 2888 wrote to memory of 2900	2888	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\969004c0a3bc5e41d8642658fc047c20_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\969004c0a3bc5e41d8642658fc047c20_NeikiAnalytics.dll,#1
  2⤵
  PID:2900