ac9dba7333d9bfd4158b9c0b912855613086f4ac669ce728ead7cafccfe76e7e

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 11:08

Target

b43c83a936d116cd6313abd2c1178a50_NeikiAnalytics.dll
Size

7KB
MD5

b43c83a936d116cd6313abd2c1178a50
SHA1

019ec2113d2c2d9dc73a6012d52204f231b6a7d3
SHA256

ac9dba7333d9bfd4158b9c0b912855613086f4ac669ce728ead7cafccfe76e7e
SHA512

fb1f0d1ad3773c854c9658a9055facfcb142f1046d15a51c2d6d23ece96c704f591b3ee4ff905babef2824958ce8ecf7693019e8980b57f9ea5420afe7f94eae
SSDEEP

96:PIV9yIjhsZrg0j6I/AhWNiJhZ+ICz8AaS/O3fAoqExwBO+rckjFmaN8zf6n1HvOX:PyIIjWXGhq+iro1qmoO+Ys58z61H7zi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2748	1876	rundll32.exe	28
PID 1876 wrote to memory of 2748	1876	rundll32.exe	28
PID 1876 wrote to memory of 2748	1876	rundll32.exe	28
PID 1876 wrote to memory of 2748	1876	rundll32.exe	28
PID 1876 wrote to memory of 2748	1876	rundll32.exe	28
PID 1876 wrote to memory of 2748	1876	rundll32.exe	28
PID 1876 wrote to memory of 2748	1876	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b43c83a936d116cd6313abd2c1178a50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b43c83a936d116cd6313abd2c1178a50_NeikiAnalytics.dll,#1
  2⤵
  PID:2748