c5f685de7546ec5fc024ff44752c0f6a2002f55973834b1bd6481de8fdb01379

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 15:10

Target

124fb3a55f5fefacb917530617365ba0_NeikiAnalytics.dll
Size

81KB
MD5

124fb3a55f5fefacb917530617365ba0
SHA1

b0157a69b4a8edbe627f972929944dbb6a0fcae5
SHA256

c5f685de7546ec5fc024ff44752c0f6a2002f55973834b1bd6481de8fdb01379
SHA512

a1f37b42ca536d2f138e0022cd2933605f62cf4d8a795c0205a9ca7710a5aa7cf17f6bc37eab57bd632ba02bb32d784e9ecd30a0edc0996fe2df97cebd24d44e
SSDEEP

1536:HtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wb:H4v4JKXTx71w0ArSsXF3enq8Wb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 2036	1192	rundll32.exe	28
PID 1192 wrote to memory of 2036	1192	rundll32.exe	28
PID 1192 wrote to memory of 2036	1192	rundll32.exe	28
PID 1192 wrote to memory of 2036	1192	rundll32.exe	28
PID 1192 wrote to memory of 2036	1192	rundll32.exe	28
PID 1192 wrote to memory of 2036	1192	rundll32.exe	28
PID 1192 wrote to memory of 2036	1192	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\124fb3a55f5fefacb917530617365ba0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\124fb3a55f5fefacb917530617365ba0_NeikiAnalytics.dll,#1
  2⤵
  PID:2036