0b2d44ba2f07074fdd8e579075227f46e834fa75344cf1229bd20c77f5e4ad0d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 04:44

Target

989f10555d075413fab5ad6d5f546ad0_NeikiAnalytics.dll
Size

6KB
MD5

989f10555d075413fab5ad6d5f546ad0
SHA1

af0e1d64fbdae29bb98457b7595fc70e6268e226
SHA256

0b2d44ba2f07074fdd8e579075227f46e834fa75344cf1229bd20c77f5e4ad0d
SHA512

57487e48e5f173d8d0ff0b1c789c2a8eb0cab298de34b0d35541cb56d9bb2c00454b71334e5e8e7c7903dd85d7c3214196091cb2e8a271918670bd69d095d492
SSDEEP

96:nEY2RrF1eqwi43VJuBFFypm7ppFuaYn4Y4qY9Sue:EHRh1epp3VeFFyjZhb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2040	3048	rundll32.exe	28
PID 3048 wrote to memory of 2040	3048	rundll32.exe	28
PID 3048 wrote to memory of 2040	3048	rundll32.exe	28
PID 3048 wrote to memory of 2040	3048	rundll32.exe	28
PID 3048 wrote to memory of 2040	3048	rundll32.exe	28
PID 3048 wrote to memory of 2040	3048	rundll32.exe	28
PID 3048 wrote to memory of 2040	3048	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\989f10555d075413fab5ad6d5f546ad0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\989f10555d075413fab5ad6d5f546ad0_NeikiAnalytics.dll,#1
  2⤵
  PID:2040