27a5491e3e44ccd62c474aeafb7ba18fbcf107a9886d9055e6ab000985cd5660

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 09:02

Target

27a5491e3e44ccd62c474aeafb7ba18fbcf107a9886d9055e6ab000985cd5660_NeikiAnalytics.dll
Size

76KB
MD5

1ec2aac46fba1f2128dfd4313808cfe8
SHA1

92d79836e5603456806f1b4321c1d21e29881dce
SHA256

27a5491e3e44ccd62c474aeafb7ba18fbcf107a9886d9055e6ab000985cd5660
SHA512

e083593d8515d05d858a790222e669add98d04d35f8e7e2f3f46fd8072d8137c2f826f7bb0e6a2abb5a1945dbd33583e56b81857dcf08a77c6377af496c0fbdb
SSDEEP

1536:g31k65JNj6adpmgqszn9HgZDunuBIPVf6ZUXdsWewcdmWZPNjv/:ej5uadpmgjn9HgYuBI8WexmCPNjv/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2932	2916	rundll32.exe	28
PID 2916 wrote to memory of 2932	2916	rundll32.exe	28
PID 2916 wrote to memory of 2932	2916	rundll32.exe	28
PID 2916 wrote to memory of 2932	2916	rundll32.exe	28
PID 2916 wrote to memory of 2932	2916	rundll32.exe	28
PID 2916 wrote to memory of 2932	2916	rundll32.exe	28
PID 2916 wrote to memory of 2932	2916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27a5491e3e44ccd62c474aeafb7ba18fbcf107a9886d9055e6ab000985cd5660_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27a5491e3e44ccd62c474aeafb7ba18fbcf107a9886d9055e6ab000985cd5660_NeikiAnalytics.dll,#1
  2⤵
  PID:2932