038f1a06711690253ca432046172eebaf9e556587537d3d0d4ff8109c16f76a1

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 00:38

Target

429b54c6187200441be953ef09424540_NeikiAnalytics.dll
Size

81KB
MD5

429b54c6187200441be953ef09424540
SHA1

25d23922361eb5e0f72724d63376069264414a54
SHA256

038f1a06711690253ca432046172eebaf9e556587537d3d0d4ff8109c16f76a1
SHA512

a6f51b030cca706bc32303eaa67566e63911c1e1a8b538a5ddfb7e86d2cf5cc90c85a0ccf4e13d7f0d51bf32f981dc080076ecea904f8dc4da11214c491427b2
SSDEEP

1536:KtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WJ:K4v4JKXTx71w0ArSsXF3enq8WJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2008	2844	rundll32.exe	28
PID 2844 wrote to memory of 2008	2844	rundll32.exe	28
PID 2844 wrote to memory of 2008	2844	rundll32.exe	28
PID 2844 wrote to memory of 2008	2844	rundll32.exe	28
PID 2844 wrote to memory of 2008	2844	rundll32.exe	28
PID 2844 wrote to memory of 2008	2844	rundll32.exe	28
PID 2844 wrote to memory of 2008	2844	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\429b54c6187200441be953ef09424540_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\429b54c6187200441be953ef09424540_NeikiAnalytics.dll,#1
  2⤵
  PID:2008