dd84e640d5cd6a178103fd29e64fe66b3dde0e2f93f6969ab4d22482a092a4f7

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 12:34

Target

deb9921e0a17e71ab6a4596b181475a0_NeikiAnalytics.dll
Size

460KB
MD5

deb9921e0a17e71ab6a4596b181475a0
SHA1

09ba6b7ce3490de5cf4b47fb2549c181d631f9df
SHA256

dd84e640d5cd6a178103fd29e64fe66b3dde0e2f93f6969ab4d22482a092a4f7
SHA512

2a268afd0f96374065a49abbd9aa7cd7c8152e03a9103cf29a78bee8c4bab9d68bd82bc7dbf806a730a9d0e9d0531dc82e9f2b391989210a1e8d079bb763f875
SSDEEP

6144:1riBMQkzOQnmUGSB0C6Qrcx/7WEuqNMmMBUGwMzuPO5sGU:1riBMQk/ndGSyC6L7WEuqsLzuPOY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1456	2236	rundll32.exe	28
PID 2236 wrote to memory of 1456	2236	rundll32.exe	28
PID 2236 wrote to memory of 1456	2236	rundll32.exe	28
PID 2236 wrote to memory of 1456	2236	rundll32.exe	28
PID 2236 wrote to memory of 1456	2236	rundll32.exe	28
PID 2236 wrote to memory of 1456	2236	rundll32.exe	28
PID 2236 wrote to memory of 1456	2236	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\deb9921e0a17e71ab6a4596b181475a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\deb9921e0a17e71ab6a4596b181475a0_NeikiAnalytics.dll,#1
  2⤵
  PID:1456