83b71fee3b40c6dd3825bc6cd826b20866c300ec1120694e1d66b60d1d41a37d

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 22:59

Target

0a2f2a904eff14c196ddc6a26c63eea0_NeikiAnalytics.dll
Size

23KB
MD5

0a2f2a904eff14c196ddc6a26c63eea0
SHA1

fe3d0dc9dc2c9ea56daf9d59102a4c3d834bef3f
SHA256

83b71fee3b40c6dd3825bc6cd826b20866c300ec1120694e1d66b60d1d41a37d
SHA512

0cbe8440205cab6b81dd9d8eb1b93d08b99876c270a62d15beb9b61e2ad792a610e38fa886c306e1ecbc0076f1747d90e781fec6892a099d2ed2c5e3c4aa6ec6
SSDEEP

384:Iq5fF9uLUzO6cHDo7UnWziLs8og3MUh8/jiS7nwqkCoTbsGxVVMSvZR0Ja0:XhvuLAc4UWeLsy3M1jiSUCoPsGzVMSvM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2904	2888	rundll32.exe	28
PID 2888 wrote to memory of 2904	2888	rundll32.exe	28
PID 2888 wrote to memory of 2904	2888	rundll32.exe	28
PID 2888 wrote to memory of 2904	2888	rundll32.exe	28
PID 2888 wrote to memory of 2904	2888	rundll32.exe	28
PID 2888 wrote to memory of 2904	2888	rundll32.exe	28
PID 2888 wrote to memory of 2904	2888	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a2f2a904eff14c196ddc6a26c63eea0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a2f2a904eff14c196ddc6a26c63eea0_NeikiAnalytics.dll,#1
  2⤵
  PID:2904