236d6ac402da798b16083f1320277c4354b852ce162ba5b807d5013f863f13c8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 09:44

Target

e7d309c480593f2a5da1a4b16ad506b0_NeikiAnalytics.dll
Size

17KB
MD5

e7d309c480593f2a5da1a4b16ad506b0
SHA1

9f943d62fd45fa7f6a84425aa7ddd3aa34366485
SHA256

236d6ac402da798b16083f1320277c4354b852ce162ba5b807d5013f863f13c8
SHA512

1a913aed1bca9bb42a43a74d1c0ffd7b84a5fda689ec1bcfa28a3c26e25e2f13b6502d9e332007bbef15b253d7cbec69e6a219c47105430873bba947eccf144f
SSDEEP

192:IBiRd4lLIh94XV5NZ9aQ3JsjuwcfBCwdnfjJFYWhei3i64m/Ev:IBiRdF9k7NZoQ326wcJCwdNFFhCm/Ev

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 2336	1512	rundll32.exe	28
PID 1512 wrote to memory of 2336	1512	rundll32.exe	28
PID 1512 wrote to memory of 2336	1512	rundll32.exe	28
PID 1512 wrote to memory of 2336	1512	rundll32.exe	28
PID 1512 wrote to memory of 2336	1512	rundll32.exe	28
PID 1512 wrote to memory of 2336	1512	rundll32.exe	28
PID 1512 wrote to memory of 2336	1512	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d309c480593f2a5da1a4b16ad506b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d309c480593f2a5da1a4b16ad506b0_NeikiAnalytics.dll,#1
  2⤵
  PID:2336