4714e9156f6ca58efeb2c2111e10a1ec4a46e7b863e307d3e4b21653f5393827

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 04:09

Target

683e742ebb8c8c9d7d1221912cab82b0_NeikiAnalytics.dll
Size

81KB
MD5

683e742ebb8c8c9d7d1221912cab82b0
SHA1

2feeea4eccc66c680b6f527f2e784abe84926925
SHA256

4714e9156f6ca58efeb2c2111e10a1ec4a46e7b863e307d3e4b21653f5393827
SHA512

912ec803461af60ac81d1da22777ed9ca12d1099e5bef730eb8d3b0eab8c75ca7599264a4e66221e91eab95336cf3de29204021264a012883e55854de7f7dbe8
SSDEEP

1536:OtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WT:O4v4JKXTx71w0ArSsXF3enq8WT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2344	1720	rundll32.exe	28
PID 1720 wrote to memory of 2344	1720	rundll32.exe	28
PID 1720 wrote to memory of 2344	1720	rundll32.exe	28
PID 1720 wrote to memory of 2344	1720	rundll32.exe	28
PID 1720 wrote to memory of 2344	1720	rundll32.exe	28
PID 1720 wrote to memory of 2344	1720	rundll32.exe	28
PID 1720 wrote to memory of 2344	1720	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\683e742ebb8c8c9d7d1221912cab82b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\683e742ebb8c8c9d7d1221912cab82b0_NeikiAnalytics.dll,#1
  2⤵
  PID:2344