4ba75dd555b7f76e2973cd1238764f47b5a8ef1b08f8fbd5b5e93968d744779e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 01:13

Target

55049748bc133430be1cde43713246b0_NeikiAnalytics.dll
Size

6KB
MD5

55049748bc133430be1cde43713246b0
SHA1

0ec5fbf29d38371a15c9a20cf47b3582d4f67f6d
SHA256

4ba75dd555b7f76e2973cd1238764f47b5a8ef1b08f8fbd5b5e93968d744779e
SHA512

57261e99acae55376f74b3ef38077560ac4c7583f722a24bf9672ccea6bc95eea27bf65327ff9fb60a20e1c970017a24757695cd5c43bd2fcd872bce8f2ebc22
SSDEEP

96:hy859x0P8MaOC/DV8U+1huSH1VbxGHrTHiu/wrJu:F5oLR2D+U+1huE19mrzb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2044	2180	rundll32.exe	28
PID 2180 wrote to memory of 2044	2180	rundll32.exe	28
PID 2180 wrote to memory of 2044	2180	rundll32.exe	28
PID 2180 wrote to memory of 2044	2180	rundll32.exe	28
PID 2180 wrote to memory of 2044	2180	rundll32.exe	28
PID 2180 wrote to memory of 2044	2180	rundll32.exe	28
PID 2180 wrote to memory of 2044	2180	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55049748bc133430be1cde43713246b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55049748bc133430be1cde43713246b0_NeikiAnalytics.dll,#1
  2⤵
  PID:2044