96aa906e736e5aaf8ada706d8efc74fb8974aeeb72bf2815696cb89a5253a870

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 12:26

Target

b78d8c43283fc0f57606cd82636dcb10_NeikiAnalytics.dll
Size

5KB
MD5

b78d8c43283fc0f57606cd82636dcb10
SHA1

d08c63584574e2390364a657b43d730a2602da4d
SHA256

96aa906e736e5aaf8ada706d8efc74fb8974aeeb72bf2815696cb89a5253a870
SHA512

1fddcb194f59b88170d7c26f6dad5bd8da7946d7f49b63e2c790885e841ab5d7eeb9954eef39134c76fbc953dee4f1aacbaaa187b814cf0d1e9993e1e78c656b
SSDEEP

24:ev1GSfARcJ8ik9IBUuArt6lLYVnMMfFrk4XiRcw0/W9XgxYUWE6A7F8tPIrAxjOf:qfAVqmtqcRH9rhWR0OCxPWE7+PIExja

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1104	2036	rundll32.exe	28
PID 2036 wrote to memory of 1104	2036	rundll32.exe	28
PID 2036 wrote to memory of 1104	2036	rundll32.exe	28
PID 2036 wrote to memory of 1104	2036	rundll32.exe	28
PID 2036 wrote to memory of 1104	2036	rundll32.exe	28
PID 2036 wrote to memory of 1104	2036	rundll32.exe	28
PID 2036 wrote to memory of 1104	2036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b78d8c43283fc0f57606cd82636dcb10_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b78d8c43283fc0f57606cd82636dcb10_NeikiAnalytics.dll,#1
  2⤵
  PID:1104