c1126f5ea55932872663a27e0b01561871d1b6d3f50fc7f50a775f349f7fb7f8

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 08:49

Target

1ac89ab9f044a477576cf931162310f0_NeikiAnalytics.dll
Size

753KB
MD5

1ac89ab9f044a477576cf931162310f0
SHA1

ebefbe3028753289be04eda299ac2c7071d19b91
SHA256

c1126f5ea55932872663a27e0b01561871d1b6d3f50fc7f50a775f349f7fb7f8
SHA512

ce4c96b0e1c8af30804adfbf037d2761770b03eec6197fa873735e35527ffb473b41e81cd2e48019f8172458ff109588db3ebf2354653918372ab1da9162a46f
SSDEEP

12288:RWOINHuqdTvkLOLvnvUy6TS4FQ9xZEAOBUVmiiN9rYQJBx6LJz8Lkc:bJqdQL6n8y6On90lNRJBxE4gc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2440	1836	rundll32.exe	28
PID 1836 wrote to memory of 2440	1836	rundll32.exe	28
PID 1836 wrote to memory of 2440	1836	rundll32.exe	28
PID 1836 wrote to memory of 2440	1836	rundll32.exe	28
PID 1836 wrote to memory of 2440	1836	rundll32.exe	28
PID 1836 wrote to memory of 2440	1836	rundll32.exe	28
PID 1836 wrote to memory of 2440	1836	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ac89ab9f044a477576cf931162310f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ac89ab9f044a477576cf931162310f0_NeikiAnalytics.dll,#1
  2⤵
  PID:2440