a7d8b4d2226a1a16dddce368b7d28f6829f10e01d0179d5378b75b6264adc69f

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 14:44

Target

d6fc6ef54fd7dc24f483f3b7859f60b0_NeikiAnalytics.dll
Size

81KB
MD5

d6fc6ef54fd7dc24f483f3b7859f60b0
SHA1

d629b292eed590269241aaf07003c67f8ce4e76d
SHA256

a7d8b4d2226a1a16dddce368b7d28f6829f10e01d0179d5378b75b6264adc69f
SHA512

6a34629745a56d59c43f128f7b7ebe4debb3f7cc3a9f64191ad7a239e52917cba0a6fdbd350ca04d6e2fb11869320188fbe808ffb900e28721d617b1098ba7fd
SSDEEP

1536:WtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WZ:W4v4JKXTx71w0ArSsXF3enq8WZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6fc6ef54fd7dc24f483f3b7859f60b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6fc6ef54fd7dc24f483f3b7859f60b0_NeikiAnalytics.dll,#1
  2⤵
  PID:2472