3608c5d6c86d113dd381e0fb2e28d8bb92d4c05659a9943c4963fe3258008ba5

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:10

Target

4888f3c6aadf51be9fc8f65ab4eadb50_NeikiAnalytics.dll
Size

81KB
MD5

4888f3c6aadf51be9fc8f65ab4eadb50
SHA1

cb0d2a31afe900ce3dd56dfe46bd44dc88c9e4b8
SHA256

3608c5d6c86d113dd381e0fb2e28d8bb92d4c05659a9943c4963fe3258008ba5
SHA512

9039e1404c82992ef393969c70565487b358ccd6f1d090dfa00c5e2739980d782d1544151152e9126d0d9dbb21836610532157337e8bbd1dbbf89a219b61b655
SSDEEP

1536:atByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WN:a4v4JKXTx71w0ArSsXF3enq8WN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2036 wrote to memory of 2656	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 2656	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 2656	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 2656	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 2656	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 2656	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 2656	2036	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4888f3c6aadf51be9fc8f65ab4eadb50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4888f3c6aadf51be9fc8f65ab4eadb50_NeikiAnalytics.dll,#1
  2⤵
  PID:2656