96abaca71bf30c2ec1f043cbf8dd9441e59aa4e8d65823ccbbaeed2d5e0a690e

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 17:05

Target

bf0e9894726da894f1301eb32bdc4d10_NeikiAnalytics.dll
Size

5KB
MD5

bf0e9894726da894f1301eb32bdc4d10
SHA1

a52704c4a1ab2858137f61339defe08bd5be9fd5
SHA256

96abaca71bf30c2ec1f043cbf8dd9441e59aa4e8d65823ccbbaeed2d5e0a690e
SHA512

195c454802fab25ffe2120341d5f29c0ec4ad2cec30ff78974acec769b59036576c7d91560f9ed7781def50f64e10055d701a37007e65d04af7f3b333d709dd9
SSDEEP

48:Ss0vOiamaF9wJqkECrhWR00scqn6dpRRPi7iPQhPSPNYn9dGQFFWIGGWHrpBBUMt:z0I9wZLrY0/f/uDuF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2344	2216	rundll32.exe	28
PID 2216 wrote to memory of 2344	2216	rundll32.exe	28
PID 2216 wrote to memory of 2344	2216	rundll32.exe	28
PID 2216 wrote to memory of 2344	2216	rundll32.exe	28
PID 2216 wrote to memory of 2344	2216	rundll32.exe	28
PID 2216 wrote to memory of 2344	2216	rundll32.exe	28
PID 2216 wrote to memory of 2344	2216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0e9894726da894f1301eb32bdc4d10_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0e9894726da894f1301eb32bdc4d10_NeikiAnalytics.dll,#1
  2⤵
  PID:2344