220989614e65b43d2e3bf20afed36881532019693160fa18fde84fc0377826b1

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 11:07

Target

97b6e2c5ca14659bd376b12d5e47dc40_NeikiAnalytics.dll
Size

5KB
MD5

97b6e2c5ca14659bd376b12d5e47dc40
SHA1

39604e8a1563d598211ad006d1015fc5fcb4ec61
SHA256

220989614e65b43d2e3bf20afed36881532019693160fa18fde84fc0377826b1
SHA512

20bcd8b5ef83aa569633ab566dce4690a0a1ac0dc8c9c8d9bc6194cd2ddf612a6f730799cb875031ca405121040f5ae6e7e389bf62b06104c1399123c4be41df
SSDEEP

96:hy859x0P8MaeYn0S9cfsbHIQfzMvEiuhAXtwv:F5oLun0aLbHIQfzMsiuhAXtwv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2036	2032	rundll32.exe	28
PID 2032 wrote to memory of 2036	2032	rundll32.exe	28
PID 2032 wrote to memory of 2036	2032	rundll32.exe	28
PID 2032 wrote to memory of 2036	2032	rundll32.exe	28
PID 2032 wrote to memory of 2036	2032	rundll32.exe	28
PID 2032 wrote to memory of 2036	2032	rundll32.exe	28
PID 2032 wrote to memory of 2036	2032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97b6e2c5ca14659bd376b12d5e47dc40_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\97b6e2c5ca14659bd376b12d5e47dc40_NeikiAnalytics.dll,#1
  2⤵
  PID:2036