b9b34e788fc8ee9d223d10d138ca38f097790cb9785fd3b22bd5d7e586f2fa16

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 21:57

Target

3149618572105b8191f8c2216032eae0_NeikiAnalytics.dll
Size

1.4MB
MD5

3149618572105b8191f8c2216032eae0
SHA1

6c0a34a2456604eea97f35b9e56a485052d2f257
SHA256

b9b34e788fc8ee9d223d10d138ca38f097790cb9785fd3b22bd5d7e586f2fa16
SHA512

49fba49df0b3a739b2fc6aa8b881c90c4bb31103ee00231e01653d8fd1688cbfadf0efe4ad2e390c4d27ccfc87322774b4c0295ec22291d1c63dcadffca4099f
SSDEEP

24576:AYlDzwQwulBwh4Ec/E0oIYxTV6m69dmskwjQrPKBntTimFp/CYXKaW3:HIQwuAh5Vf36fmskJWT/Fp/CYXKaW3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3149618572105b8191f8c2216032eae0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3149618572105b8191f8c2216032eae0_NeikiAnalytics.dll,#1
  2⤵
  PID:1940