383eea2caac543a0c9bcadf6bff901a6511fc92a18314486baf7c090c76a8a86

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 09:44

Target

e7d7a625979cc1c316da37e70dc5ff50_NeikiAnalytics.dll
Size

4KB
MD5

e7d7a625979cc1c316da37e70dc5ff50
SHA1

9d365009dd1500fbdd22c9c05ce0072afd4a7702
SHA256

383eea2caac543a0c9bcadf6bff901a6511fc92a18314486baf7c090c76a8a86
SHA512

00000edcb4d9781b7d644c6c444837d4fb80c64c6a244b5c7a67f10e50d7a227886044bd40825f0a030ecae1a7464c6320e02e0f7d84ec933e12e029cff98fca
SSDEEP

48:qHupGeMcCB96DrhWHR0FiIsipZlM+u+eAPMDQHpyuLv6om/WL7+XC:PMXB0rw0MI/pwbdnI7+XC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28
PID 2744 wrote to memory of 2104	2744	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d7a625979cc1c316da37e70dc5ff50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d7a625979cc1c316da37e70dc5ff50_NeikiAnalytics.dll,#1
  2⤵
  PID:2104