f066f39204faa374edcd96972492cf48dbb96b250099be63ff071ce36c46ac26

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 04:12

Target

95249946a99ab3b58040c9fd32ba3c00_NeikiAnalytics.dll
Size

81KB
MD5

95249946a99ab3b58040c9fd32ba3c00
SHA1

e7b954847bc14ea36c361fb7c9bd0a34f5a96e24
SHA256

f066f39204faa374edcd96972492cf48dbb96b250099be63ff071ce36c46ac26
SHA512

4a4a26a6fba072c43ab7c84d5527a19279c514fd272a83a8e68ff608eb1eb0a459c1b0a26150a85b0f16d2f7a56b4b052ad82509f2e398903fd7def78f39708c
SSDEEP

1536:0ByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WM:Bv4JKXTx71wnArSsXFpeXq8WM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28
PID 3040 wrote to memory of 2140	3040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95249946a99ab3b58040c9fd32ba3c00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95249946a99ab3b58040c9fd32ba3c00_NeikiAnalytics.dll,#1
  2⤵
  PID:2140