fe61d017ec4f548381042ed5aa900aeca8932a7a32df0216f93b8580ed692364

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 21:42

Target

3e345df80b695bf344d6389c7dcf3eb0_NeikiAnalytics.dll
Size

7KB
MD5

3e345df80b695bf344d6389c7dcf3eb0
SHA1

ba400e482111296b88d7cf719dc3676ecffbbd0f
SHA256

fe61d017ec4f548381042ed5aa900aeca8932a7a32df0216f93b8580ed692364
SHA512

8caf0993f493192f31359c3bdf7f4dc8a29a0e7ce8b29f09f618e8a07d52130d3393c21c7d7a896111e8f20970d8967ae035e482f6241a1ee68112c8d9c690ab
SSDEEP

96:DixZjmjtjd8jPjcZGR5TICJQtM6+Jyc+uaDL+Us+zcSrnBDVAdDeTgv2wo:unSR6bgY0iT0JiUV4SdDVAdDeTrwo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2076	2236	rundll32.exe	28
PID 2236 wrote to memory of 2076	2236	rundll32.exe	28
PID 2236 wrote to memory of 2076	2236	rundll32.exe	28
PID 2236 wrote to memory of 2076	2236	rundll32.exe	28
PID 2236 wrote to memory of 2076	2236	rundll32.exe	28
PID 2236 wrote to memory of 2076	2236	rundll32.exe	28
PID 2236 wrote to memory of 2076	2236	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e345df80b695bf344d6389c7dcf3eb0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e345df80b695bf344d6389c7dcf3eb0_NeikiAnalytics.dll,#1
  2⤵
  PID:2076