99d57eb995a6b14d06da92f527165adf32379fd3345061095f15dcc3679b2ffd

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 06:38

Target

786c1145f663a22f8ac96bd624614300_NeikiAnalytics.dll
Size

905KB
MD5

786c1145f663a22f8ac96bd624614300
SHA1

5456d6cf03a23a60b10e1ae0f051392f08212247
SHA256

99d57eb995a6b14d06da92f527165adf32379fd3345061095f15dcc3679b2ffd
SHA512

e52f53a9b12afd7c7808e11999099958863298aa3c652432f8a399a96010675102ec31cf3c4b26ac7e079aab46924049f924967b907f0971a35249257959c8ec
SSDEEP

3072:s7xpFMMou3skWoA78BJ9vdJeBbqJVzQkuR6EPvbXn6WEx5W7B/zrusWm4sHByv:GxpFMMol0JluMTtELqWExAzzd4iE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1100	2004	rundll32.exe	28
PID 2004 wrote to memory of 1100	2004	rundll32.exe	28
PID 2004 wrote to memory of 1100	2004	rundll32.exe	28
PID 2004 wrote to memory of 1100	2004	rundll32.exe	28
PID 2004 wrote to memory of 1100	2004	rundll32.exe	28
PID 2004 wrote to memory of 1100	2004	rundll32.exe	28
PID 2004 wrote to memory of 1100	2004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\786c1145f663a22f8ac96bd624614300_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\786c1145f663a22f8ac96bd624614300_NeikiAnalytics.dll,#1
  2⤵
  PID:1100