4cc7833248f77506ab773ce108462101f94839bc050dd7f37d66d2c8f08582d6

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 11:38

Target

dd01c9720c48ddd2d2777954ab587c50_NeikiAnalytics.dll
Size

824KB
MD5

dd01c9720c48ddd2d2777954ab587c50
SHA1

b4395484c8abd44ad88b9a6415240701f28afe1e
SHA256

4cc7833248f77506ab773ce108462101f94839bc050dd7f37d66d2c8f08582d6
SHA512

7d41f76201b5ee5171d178f0817f40a70d26aa9b0dace4738217121929abe97da5f01b0dca3682e36eac9a0ecb19b2f4b3319634891cb329c1c6797759fa5179
SSDEEP

12288:bjfFPVDQ/02tr8srJx7oKGz+xA007hODE2hEObWGMVOnnpxW:PtPVwtAsrJx7oXZ2V2GnTW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28
PID 3012 wrote to memory of 2124	3012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd01c9720c48ddd2d2777954ab587c50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd01c9720c48ddd2d2777954ab587c50_NeikiAnalytics.dll,#1
  2⤵
  PID:2124