5cd516fa38a0622f8ce79896c90ac9a63f990932234208836e65841c09243760

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 07:20

Target

7c923616961b2380ab84fa24f7519220_NeikiAnalytics.dll
Size

81KB
MD5

7c923616961b2380ab84fa24f7519220
SHA1

ea0aa4439ecb37f1ee900ab7c009166e3e1e92be
SHA256

5cd516fa38a0622f8ce79896c90ac9a63f990932234208836e65841c09243760
SHA512

541bab58a81a86cacc8275bf7f01a80dbadfff291e42bd682a4161ca351dbc8b9455777d70577dac9ec741efd35afb8900703a1d10f2344eaa10e65d674cc0bb
SSDEEP

1536:YtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WI:Y4v4JKXTx71w0ArSsXF3enq8WI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2132	1872	rundll32.exe	29
PID 1872 wrote to memory of 2132	1872	rundll32.exe	29
PID 1872 wrote to memory of 2132	1872	rundll32.exe	29
PID 1872 wrote to memory of 2132	1872	rundll32.exe	29
PID 1872 wrote to memory of 2132	1872	rundll32.exe	29
PID 1872 wrote to memory of 2132	1872	rundll32.exe	29
PID 1872 wrote to memory of 2132	1872	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c923616961b2380ab84fa24f7519220_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c923616961b2380ab84fa24f7519220_NeikiAnalytics.dll,#1
  2⤵
  PID:2132