eef60f3c35d1b491f8a532a350ed88d7c86daf2e75a343d492a5064e45d26eeb

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 03:59

Target

70c622b64874731062885caa88fe67f0_NeikiAnalytics.dll
Size

81KB
MD5

70c622b64874731062885caa88fe67f0
SHA1

3f7c87fbb43cfd8853b8d32945c809c9a2f61b88
SHA256

eef60f3c35d1b491f8a532a350ed88d7c86daf2e75a343d492a5064e45d26eeb
SHA512

29561f805de55a56c1ffa8642efddaeb9216fa02402c1ae1c04d5247d160b35c8a653e5f8a672e074b74191d4c89df60a8b90643b425ff76640b2b60bea474dc
SSDEEP

1536:StByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W1:S4v4JKXTx71w0ArSsXF3enq8W1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2944	3064	rundll32.exe	28
PID 3064 wrote to memory of 2944	3064	rundll32.exe	28
PID 3064 wrote to memory of 2944	3064	rundll32.exe	28
PID 3064 wrote to memory of 2944	3064	rundll32.exe	28
PID 3064 wrote to memory of 2944	3064	rundll32.exe	28
PID 3064 wrote to memory of 2944	3064	rundll32.exe	28
PID 3064 wrote to memory of 2944	3064	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70c622b64874731062885caa88fe67f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\70c622b64874731062885caa88fe67f0_NeikiAnalytics.dll,#1
  2⤵
  PID:2944