dda86a0458a808804932d0ea233855a0b023be7c9f7a1daabae72d6e2cbd3d22

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 20:01

Target

26dacd8355dcac2156ef699e07c0d2f0_NeikiAnalytics.dll
Size

81KB
MD5

26dacd8355dcac2156ef699e07c0d2f0
SHA1

4f2a2d7ea1e9b0d35069ffd034415da7069f3858
SHA256

dda86a0458a808804932d0ea233855a0b023be7c9f7a1daabae72d6e2cbd3d22
SHA512

6f80e4a3a45916f8c4ce08a60e75822775774d81aa80add6f593276019768ae8dde0b6304317c32fcbc8bb14a029857d6a9e4a226760472037ba9f12181c37c2
SSDEEP

1536:ltByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W7:l4v4JKXTx71w0ArSsXF3enq8W7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 2200	1616	rundll32.exe	28
PID 1616 wrote to memory of 2200	1616	rundll32.exe	28
PID 1616 wrote to memory of 2200	1616	rundll32.exe	28
PID 1616 wrote to memory of 2200	1616	rundll32.exe	28
PID 1616 wrote to memory of 2200	1616	rundll32.exe	28
PID 1616 wrote to memory of 2200	1616	rundll32.exe	28
PID 1616 wrote to memory of 2200	1616	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26dacd8355dcac2156ef699e07c0d2f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26dacd8355dcac2156ef699e07c0d2f0_NeikiAnalytics.dll,#1
  2⤵
  PID:2200