0b4b38fa2e78d86d45d45f50e3a366f6fde719fff14c219dc684dcaa4f26cf7b

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 02:05

Target

5ab47c903fb167684cf003e08e2c17f0_NeikiAnalytics.dll
Size

1.5MB
MD5

5ab47c903fb167684cf003e08e2c17f0
SHA1

24ab35237297840223c821f140b7dcf6f1f35ff0
SHA256

0b4b38fa2e78d86d45d45f50e3a366f6fde719fff14c219dc684dcaa4f26cf7b
SHA512

4ea21f955160ec3a265acae1ee4458c0721598364e2b5eceeb4d4e2ec8af6d5d819334f32818c9d3053f27e5e2f59018785c3c63d2e4508f0a65995e46db2313
SSDEEP

24576:IXtlW5bvtPYjg8x4TFtevAUDW6KjGVMLI0Okk7t0x:IX7W5LxYjJx4Ti9DZVMLIxI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2216	1912	rundll32.exe	28
PID 1912 wrote to memory of 2216	1912	rundll32.exe	28
PID 1912 wrote to memory of 2216	1912	rundll32.exe	28
PID 1912 wrote to memory of 2216	1912	rundll32.exe	28
PID 1912 wrote to memory of 2216	1912	rundll32.exe	28
PID 1912 wrote to memory of 2216	1912	rundll32.exe	28
PID 1912 wrote to memory of 2216	1912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab47c903fb167684cf003e08e2c17f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab47c903fb167684cf003e08e2c17f0_NeikiAnalytics.dll,#1
  2⤵
  PID:2216