69378d3abf4008786e83175be93093e98d4255bdba173787dd49ff46931b74c9

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:04

Target

68c943889fba86bc89f1c1ca08a5d0b0_NeikiAnalytics.dll
Size

6KB
MD5

68c943889fba86bc89f1c1ca08a5d0b0
SHA1

5b076afe4c454811de3a3b4226b1ed11c1bd2094
SHA256

69378d3abf4008786e83175be93093e98d4255bdba173787dd49ff46931b74c9
SHA512

a36ab6a18885690e3da4ef8b241e9b4a42536b35e6e5b0292a96dd00845014a294109073aa581db050d124b77502459e1c423b8be442a33faa9ab1b4ca360925
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIF8Zhex/ITIb9mYgTxNqtlA:unSR6bgYTy/ITawtTxNqTA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1908 wrote to memory of 1740	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1740	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1740	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1740	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1740	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1740	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1740	1908	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68c943889fba86bc89f1c1ca08a5d0b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68c943889fba86bc89f1c1ca08a5d0b0_NeikiAnalytics.dll,#1
2⤵
PID:1740