25c5f2745ce6b402d6c6b3f3aa5790868837bee9af5bded7e458539d2bd7d15e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:05

Target

742ea93cdff1f9ab1e4c77bbc1996840_NeikiAnalytics.dll
Size

6KB
MD5

742ea93cdff1f9ab1e4c77bbc1996840
SHA1

6d0e95e8392037b1741cafd1cd025e152d7a312e
SHA256

25c5f2745ce6b402d6c6b3f3aa5790868837bee9af5bded7e458539d2bd7d15e
SHA512

cdfed06bddece2ab261270aaa1d7ebd63ca3c52636854dc833c812f1fa9df17a8e22f0c6f837f64a400f7779d83438b906e7f37bc7ac094fdb5c4e10f1f58377
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEq+AArajdtRWGfajk11gsKy5pLpL+Mac5yq5:hy859x0P8MaE5t/71Lsbw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2088 wrote to memory of 1780	2088	rundll32.exe	rundll32.exe
PID 2088 wrote to memory of 1780	2088	rundll32.exe	rundll32.exe
PID 2088 wrote to memory of 1780	2088	rundll32.exe	rundll32.exe
PID 2088 wrote to memory of 1780	2088	rundll32.exe	rundll32.exe
PID 2088 wrote to memory of 1780	2088	rundll32.exe	rundll32.exe
PID 2088 wrote to memory of 1780	2088	rundll32.exe	rundll32.exe
PID 2088 wrote to memory of 1780	2088	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\742ea93cdff1f9ab1e4c77bbc1996840_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\742ea93cdff1f9ab1e4c77bbc1996840_NeikiAnalytics.dll,#1
2⤵
PID:1780