e49d59df06bb0dd02dd1d0b129a6b3d09b1ba00077a6f4b6e73ac0dea48d70a0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 23:25

Target

534eb42532faf81c5089ff51f1d71a70_NeikiAnalytics.dll
Size

5KB
MD5

534eb42532faf81c5089ff51f1d71a70
SHA1

0041fa2488375f22f29f9db14f7000e6383cbd43
SHA256

e49d59df06bb0dd02dd1d0b129a6b3d09b1ba00077a6f4b6e73ac0dea48d70a0
SHA512

2d3f9e2cffd24f65dd8f5063e2ec4b050ccf8272dccc4796976fb2f6dbc2d18fca1d614871c5c29ff15b8695d17c397d2dda0481a6d8a46260a3022cdaa91ed7
SSDEEP

96:FtrRdrY0x7+PZktJyL5nmckMRFnizQdavHVwI9p:Ft11+P6Ja3o3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\534eb42532faf81c5089ff51f1d71a70_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\534eb42532faf81c5089ff51f1d71a70_NeikiAnalytics.dll,#1
  2⤵
  PID:2940