0d28f15a56d68b4989f7665d1aa2b5fabca2a3626d3c92eaff9aa0ce83940f22

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 08:47

Target

ab7d502dccb30416704b38c7c471ff30_NeikiAnalytics.dll
Size

12KB
MD5

ab7d502dccb30416704b38c7c471ff30
SHA1

cb439f3a48dbc21e159c315e1cb16c1d170a49a2
SHA256

0d28f15a56d68b4989f7665d1aa2b5fabca2a3626d3c92eaff9aa0ce83940f22
SHA512

364ff8c6259869926746df8b6ce97bb322487cb4ce33f2d099adbc651147dba181e817c2ecb222354e3a90aaf22ce90c62d7aae667a3a964664d80d2cac201d6
SSDEEP

384:EneCMhME1hMEuCv/ENbSF9yDzebHx7Rjcdqvc7rFmIX/Q:ErMSE1SEuCvr9szebtRjePQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1400	1260	rundll32.exe	28
PID 1260 wrote to memory of 1400	1260	rundll32.exe	28
PID 1260 wrote to memory of 1400	1260	rundll32.exe	28
PID 1260 wrote to memory of 1400	1260	rundll32.exe	28
PID 1260 wrote to memory of 1400	1260	rundll32.exe	28
PID 1260 wrote to memory of 1400	1260	rundll32.exe	28
PID 1260 wrote to memory of 1400	1260	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab7d502dccb30416704b38c7c471ff30_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab7d502dccb30416704b38c7c471ff30_NeikiAnalytics.dll,#1
  2⤵
  PID:1400