87b6d7c2e0732f2c33a99bf59c3fed68f1f15b9640b487098a13c1d603ccbf74

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:11

Target

1429038923563a63e7d29d7ee49c7000_NeikiAnalytics.dll
Size

275KB
MD5

1429038923563a63e7d29d7ee49c7000
SHA1

a4cee6cba921165c2dc34c0102f38f266423e0d8
SHA256

87b6d7c2e0732f2c33a99bf59c3fed68f1f15b9640b487098a13c1d603ccbf74
SHA512

9886dac600195b07f1165494635256b5adbf307773808e699bd3a1debea62b2a4cf170876ff8ec6a828970a9d8b0b7405deb30f5704543f7fb7bb0061db146a3
SSDEEP

6144:gOFc6dXpqTHkxZTmi2boph0lhSMXlBXBW/XL:gydXpqT6L8oph0lhSMXleX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1948 wrote to memory of 1508	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1508	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1508	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1508	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1508	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1508	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1508	1948	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1429038923563a63e7d29d7ee49c7000_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1429038923563a63e7d29d7ee49c7000_NeikiAnalytics.dll,#1
2⤵
PID:1508