8f05973eaaf86b61275eb1f7dabfab8213c16273ad725c48e6f7b40579673cc8

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 02:17

Target

5697632e19a1dda357d265f59c0aae70_NeikiAnalytics.dll
Size

81KB
MD5

5697632e19a1dda357d265f59c0aae70
SHA1

810a4965b1a475372036968397f4d1a6dac42a61
SHA256

8f05973eaaf86b61275eb1f7dabfab8213c16273ad725c48e6f7b40579673cc8
SHA512

ca8bfc1b74da9d2261af610e6f82759366a91a4fcdd802541df43603158f07252641f1c096227d62be2cbb54d90d8fcedb3cc4238b22573bb830ce0faff5f0db
SSDEEP

1536:otByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wo:o4v4JKXTx71w0ArSsXF3enq8Wo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 784	2320	rundll32.exe	29
PID 2320 wrote to memory of 784	2320	rundll32.exe	29
PID 2320 wrote to memory of 784	2320	rundll32.exe	29
PID 2320 wrote to memory of 784	2320	rundll32.exe	29
PID 2320 wrote to memory of 784	2320	rundll32.exe	29
PID 2320 wrote to memory of 784	2320	rundll32.exe	29
PID 2320 wrote to memory of 784	2320	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5697632e19a1dda357d265f59c0aae70_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5697632e19a1dda357d265f59c0aae70_NeikiAnalytics.dll,#1
  2⤵
  PID:784