ba54998d30d4cd4be7dd04067589b5fa09865b537c01efce7e3e8ba188b26e3e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 21:50

Target

400b6b2761e7d2babdb17e4179dfc330_NeikiAnalytics.dll
Size

6KB
MD5

400b6b2761e7d2babdb17e4179dfc330
SHA1

b4a7b3d0fdb8f65b7a5d4490a8904a1050b5458f
SHA256

ba54998d30d4cd4be7dd04067589b5fa09865b537c01efce7e3e8ba188b26e3e
SHA512

5167c31964d3e6c33e0799e0815b11d7beb74a1c16ac7934351660763d80702b6ba8cfdca0261064d96231ae52e8cf09ed4dabc170525975ad86ba7a542cd4f2
SSDEEP

96:hy859x0P8Mazb7GdK84F48oxHlmAWrbTpFgz/vGeUBem:F5oLc7GdK8CboxHcxbTpeSePm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2220	2272	rundll32.exe	28
PID 2272 wrote to memory of 2220	2272	rundll32.exe	28
PID 2272 wrote to memory of 2220	2272	rundll32.exe	28
PID 2272 wrote to memory of 2220	2272	rundll32.exe	28
PID 2272 wrote to memory of 2220	2272	rundll32.exe	28
PID 2272 wrote to memory of 2220	2272	rundll32.exe	28
PID 2272 wrote to memory of 2220	2272	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\400b6b2761e7d2babdb17e4179dfc330_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\400b6b2761e7d2babdb17e4179dfc330_NeikiAnalytics.dll,#1
  2⤵
  PID:2220