9cbff5bbdf07ebeeda78c229170d12faf9142ffd958fc51ff9a1fcf875120bb1

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 09:08

Target

b6fcafac093ad5709b4733e6a99ccbb0_NeikiAnalytics.dll
Size

81KB
MD5

b6fcafac093ad5709b4733e6a99ccbb0
SHA1

e369d7c8becabec62773c2f1ce50772c53cb51b9
SHA256

9cbff5bbdf07ebeeda78c229170d12faf9142ffd958fc51ff9a1fcf875120bb1
SHA512

870233323d59369745154e92e2b3cd65bf182baa26d504de4c01898441a36db9eebb673319bb835de4e3a7d7c03b58c1ecee0c13d4813810eafddbc31679aec3
SSDEEP

1536:stByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wl:s4v4JKXTx71w0ArSsXF3enq8Wl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6fcafac093ad5709b4733e6a99ccbb0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6fcafac093ad5709b4733e6a99ccbb0_NeikiAnalytics.dll,#1
  2⤵
  PID:2540