4bbc70aa905fbcf4e00cfa5873fb65e61b2113dfb7cf6104781f73c1174b2c04

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 20:00

Target

1a97fea46d66cfa2a96b6cb375545240_NeikiAnalytics.dll
Size

5KB
MD5

1a97fea46d66cfa2a96b6cb375545240
SHA1

5d2b7b142068f3d801dba67efb351a357a58ad70
SHA256

4bbc70aa905fbcf4e00cfa5873fb65e61b2113dfb7cf6104781f73c1174b2c04
SHA512

a97ce8bb9db67fc5a081d19217fc8bba35f147660201a13552de2998ff034af0120ca85e0ca0812118ba82497cef26357866d279a4246cfa178b33df41f4fdf7
SSDEEP

48:Ss0QejYDx6/gB5B65/ic/2hmm3YGebeTKurfUsMbfN1Plea/2rg682LmPq6U/ya6:z0QR9B6BvAwbliLyUKAYj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1032	3068	rundll32.exe	28
PID 3068 wrote to memory of 1032	3068	rundll32.exe	28
PID 3068 wrote to memory of 1032	3068	rundll32.exe	28
PID 3068 wrote to memory of 1032	3068	rundll32.exe	28
PID 3068 wrote to memory of 1032	3068	rundll32.exe	28
PID 3068 wrote to memory of 1032	3068	rundll32.exe	28
PID 3068 wrote to memory of 1032	3068	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a97fea46d66cfa2a96b6cb375545240_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a97fea46d66cfa2a96b6cb375545240_NeikiAnalytics.dll,#1
  2⤵
  PID:1032