de246f9b7071aae3087e541835f38fe1fd5c1b1633d024adeba3838fd3a96713

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 12:58

Target

c9f138e3671582f0476a062fdfe77530_NeikiAnalytics.dll
Size

5KB
MD5

c9f138e3671582f0476a062fdfe77530
SHA1

224f1b66612c357ecbf2cffc6174b6ab0c01a0a9
SHA256

de246f9b7071aae3087e541835f38fe1fd5c1b1633d024adeba3838fd3a96713
SHA512

968719de286c8066d6294959248dfbc60d2a2dba89dfc6e4b9bf81a7a5b6abb7693e4161a62bba9d6b6af13607a55e7375c391c5d7056230e106148395951acc
SSDEEP

96:hy859x0P8MadRb+ucYuEhfg7Og8BaMCNQ72N+ik7GDo9LG:F5oL+Rb+ucYuEhfg7Og8BaMCNQ72N+iB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9f138e3671582f0476a062fdfe77530_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9f138e3671582f0476a062fdfe77530_NeikiAnalytics.dll,#1
  2⤵
  PID:2488