a0abea6b4afa3ace54c7d0cfaf0cf4eb05e381a5623c9f0203e405da8ce01217

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 20:50

Target

386592479ad587aa209f56d3ef605710_NeikiAnalytics.dll
Size

81KB
MD5

386592479ad587aa209f56d3ef605710
SHA1

b3ff822ae002a6d300c8ba003f1328c25a43323e
SHA256

a0abea6b4afa3ace54c7d0cfaf0cf4eb05e381a5623c9f0203e405da8ce01217
SHA512

48abfa187bb61659f3f4f82f1d0145c04e65e7e27a8bf17d0f6d0099a50e02b11b6a7f669ee6d556e68672a59c8b90e7fb28ee35d3112c73c81977fbea8982a9
SSDEEP

1536:kc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+G9:b+5oxmqAiR8+/RBkez0U+i

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28
PID 2240 wrote to memory of 2940	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\386592479ad587aa209f56d3ef605710_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\386592479ad587aa209f56d3ef605710_NeikiAnalytics.dll,#1
  2⤵
  PID:2940