681ec62a54d6037d4bbc56bd0532153c40746a5d3dd894acf304eca6a067d1cb

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 09:00

Target

3c57d4a710cf1c72dd7be4788338b6c0_NeikiAnalytics.dll
Size

395KB
MD5

3c57d4a710cf1c72dd7be4788338b6c0
SHA1

07e037bf310e0cc6538f3b0b75529832427183e0
SHA256

681ec62a54d6037d4bbc56bd0532153c40746a5d3dd894acf304eca6a067d1cb
SHA512

3d1319d3383542ce017b518de7aa3861312773dc20b991e794be90e4be96e521d0856ed33b79cba34357a780fdab83514a265e68ca0908bc7e55f96509575507
SSDEEP

6144:ym4LBtqDgwJFvaUnS9iuVBYVduXdFylzHYewK54alncu5ExFCcfV50DErsAOggMN:G2L0ZiuV6Vc/ElckEnh4Db2gM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2976	2956	rundll32.exe	28
PID 2956 wrote to memory of 2976	2956	rundll32.exe	28
PID 2956 wrote to memory of 2976	2956	rundll32.exe	28
PID 2956 wrote to memory of 2976	2956	rundll32.exe	28
PID 2956 wrote to memory of 2976	2956	rundll32.exe	28
PID 2956 wrote to memory of 2976	2956	rundll32.exe	28
PID 2956 wrote to memory of 2976	2956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c57d4a710cf1c72dd7be4788338b6c0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c57d4a710cf1c72dd7be4788338b6c0_NeikiAnalytics.dll,#1
  2⤵
  PID:2976