87a3a87b0a55414f985ffcd3bac1e1b0fd2ee39a04a33bdefb78d1d801db95fd

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:49

Target

38619d63699fce54df5772fc643e0c00_NeikiAnalytics.dll
Size

60KB
MD5

38619d63699fce54df5772fc643e0c00
SHA1

28e8531d287e4add10db156a33dc47d09c94435a
SHA256

87a3a87b0a55414f985ffcd3bac1e1b0fd2ee39a04a33bdefb78d1d801db95fd
SHA512

8f48147c35a9810f40d64a08fa2beb4a3516c4eee74baa1279817c43c7f14a36da1963a6638af92e304307986793e964b74c78e748af8450521f33e7fe3534ef
SSDEEP

768:JWs7wme/GS3W1INK7DD1XsC07NK2kj1dLNdLegC1LvD6179+NW2DWy:JWic13W1INK3D/IkzXLes9+NW2/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2040	2116	rundll32.exe	28
PID 2116 wrote to memory of 2040	2116	rundll32.exe	28
PID 2116 wrote to memory of 2040	2116	rundll32.exe	28
PID 2116 wrote to memory of 2040	2116	rundll32.exe	28
PID 2116 wrote to memory of 2040	2116	rundll32.exe	28
PID 2116 wrote to memory of 2040	2116	rundll32.exe	28
PID 2116 wrote to memory of 2040	2116	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38619d63699fce54df5772fc643e0c00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38619d63699fce54df5772fc643e0c00_NeikiAnalytics.dll,#1
  2⤵
  PID:2040