2ad32ce97080c30b22ff49651d045ddf59f7af5b6f79f50cfac21cdbf115d044

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 04:15

Target

a48930ad049225365660c5a4cef4ed20_NeikiAnalytics.dll
Size

81KB
MD5

a48930ad049225365660c5a4cef4ed20
SHA1

7fe7c8da23a7e9c8865ac4243cbcccd22e021c92
SHA256

2ad32ce97080c30b22ff49651d045ddf59f7af5b6f79f50cfac21cdbf115d044
SHA512

52df21ef9ec057fde6bc94576279a0e308795bc716591a9c2d9d622c6123488cb8da3d88610c43e38b1e58c171b86c5ca6cbacc3b483eca9da3708bbf236b230
SSDEEP

1536:VByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8W5:wv4JKXTx71wnArSsXFpeXq8W5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1248	2356	rundll32.exe	28
PID 2356 wrote to memory of 1248	2356	rundll32.exe	28
PID 2356 wrote to memory of 1248	2356	rundll32.exe	28
PID 2356 wrote to memory of 1248	2356	rundll32.exe	28
PID 2356 wrote to memory of 1248	2356	rundll32.exe	28
PID 2356 wrote to memory of 1248	2356	rundll32.exe	28
PID 2356 wrote to memory of 1248	2356	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a48930ad049225365660c5a4cef4ed20_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a48930ad049225365660c5a4cef4ed20_NeikiAnalytics.dll,#1
  2⤵
  PID:1248