b74b796fd3c6e0d342000db09e87668aa670bb576ca01296fd64e779de603445

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 09:24

Target

27527965ed37903482aa7f0db7237720_NeikiAnalytics.dll
Size

60KB
MD5

27527965ed37903482aa7f0db7237720
SHA1

4583875b6a9b04d0325b889b112091f141957d04
SHA256

b74b796fd3c6e0d342000db09e87668aa670bb576ca01296fd64e779de603445
SHA512

ad3a36c71dc7ae422ef7d74fc1a50a7f8fb78523f6af4b765e5bf079bad42ad46b18895cd479f03a51f5a7b4fad9f64aab0bea3752969544fb388e7485522999
SSDEEP

768:1HGJ8nF2UHY1demW7KSxQamnhavjlugRujommh2u/6x:1O7wmW7KUQaWhKusfmef6x

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27527965ed37903482aa7f0db7237720_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27527965ed37903482aa7f0db7237720_NeikiAnalytics.dll,#1
  2⤵
  PID:2136