f5c849209af8dbf0dd2e65b709edc6cbc74d51b38e35018a0debf066730d13b3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 15:29

Target

2583d8352dce374e28dfab63db2a9500_NeikiAnalytics.dll
Size

6KB
MD5

2583d8352dce374e28dfab63db2a9500
SHA1

ae428ffbc43c291733612d43380a31a4f7d0d512
SHA256

f5c849209af8dbf0dd2e65b709edc6cbc74d51b38e35018a0debf066730d13b3
SHA512

a315476d313b88d750621e2afa1af129d1b2b24b3914aadc4f09612edfd8b07b818641484b87eaf76c444db53dd9dfcec5a61e1b48daeaa5a14c593fe77649f7
SSDEEP

96:PIV9yIjhsZrg0j6I/AhWNi4JJauwo4RYpZJ4K/afokuVwRpuTJm:PyIIjWXGhqr/Jwo1ZmKygkuuRph

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2980	2240	rundll32.exe	28
PID 2240 wrote to memory of 2980	2240	rundll32.exe	28
PID 2240 wrote to memory of 2980	2240	rundll32.exe	28
PID 2240 wrote to memory of 2980	2240	rundll32.exe	28
PID 2240 wrote to memory of 2980	2240	rundll32.exe	28
PID 2240 wrote to memory of 2980	2240	rundll32.exe	28
PID 2240 wrote to memory of 2980	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2583d8352dce374e28dfab63db2a9500_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2583d8352dce374e28dfab63db2a9500_NeikiAnalytics.dll,#1
  2⤵
  PID:2980