062ff3b2dae6abe42abada1d04ae77da32fb26ca3b5f5ca570e8b8950236e371

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 06:55

Target

7a01e61a69f1c78401e2bf5c994228c0_NeikiAnalytics.dll
Size

4KB
MD5

7a01e61a69f1c78401e2bf5c994228c0
SHA1

5e2601b825fdc8d04df082a6625d947e67008a0d
SHA256

062ff3b2dae6abe42abada1d04ae77da32fb26ca3b5f5ca570e8b8950236e371
SHA512

b2aa2675c3ce241b90fad79d34b13f0638a3d39c027a0b022b9062cfeb79df6ecb506e653c1eec4ece147221f3a22383e0d2e61e67c892f33cb2e94ec80b033f
SSDEEP

48:q0Z48j1gA5YHofrhWR0/iIsipbYtDfXgOrnsB/S+0cmXrNdxrfe:1tRn5cofrY06I/VY1no0VZfa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2436	836	rundll32.exe	28
PID 836 wrote to memory of 2436	836	rundll32.exe	28
PID 836 wrote to memory of 2436	836	rundll32.exe	28
PID 836 wrote to memory of 2436	836	rundll32.exe	28
PID 836 wrote to memory of 2436	836	rundll32.exe	28
PID 836 wrote to memory of 2436	836	rundll32.exe	28
PID 836 wrote to memory of 2436	836	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a01e61a69f1c78401e2bf5c994228c0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a01e61a69f1c78401e2bf5c994228c0_NeikiAnalytics.dll,#1
  2⤵
  PID:2436