082c2db178f25c2715a4ef21ce1d09f6dd106257476f6b5645b2cddbee0d69e2

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 03:03

Target

1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll
Size

2.0MB
MD5

1bc51fce95f4cb3a644d1d3a71ba9310
SHA1

f6e5178d52e9d6a396a8c9094cdc3a66410880b4
SHA256

082c2db178f25c2715a4ef21ce1d09f6dd106257476f6b5645b2cddbee0d69e2
SHA512

a700a505137f48dfcc52f92c482f5e5906383647b3c416c9b8cde1faabb4f551762972900bac80a6a2e10d85736d70378183e4985bb89c58f9dc3e1604f3e247
SSDEEP

49152:SE/4nJpHABvG0hM1RPFh5ksHQNU8EJq3RtdBi1:HEeURPFhasHQNU8EJqhrBK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll,#1
  2⤵
  PID:2612