ab2822a7c0c2170c01435bc4f0b007ea76e812d73078431e8e7c58359e1de19d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 08:02

Target

4bedfc2ea5783aebe33c5778f6162900_NeikiAnalytics.dll
Size

39KB
MD5

4bedfc2ea5783aebe33c5778f6162900
SHA1

518964463931069fc0e5b53b121a63fe61b8dbe3
SHA256

ab2822a7c0c2170c01435bc4f0b007ea76e812d73078431e8e7c58359e1de19d
SHA512

28e175a1dddaf26b4bb01885a356d5b5ebbe4a0a9156016e8a78560b6ed4837f216335d5bc8f9d548f87e971ffda415bec8c1bd7a556b58fdce20cf67ad4ea2d
SSDEEP

384:tdhp4soBqNPkZN0U9cVjAc1nw8eXzzlzYV4UZJuQsKgGPWjoWQLVx4wl1q//0Gfd:tdb1kZNTyVj98YyIxsPOUf8iPHdz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2480	2416	rundll32.exe	28
PID 2416 wrote to memory of 2480	2416	rundll32.exe	28
PID 2416 wrote to memory of 2480	2416	rundll32.exe	28
PID 2416 wrote to memory of 2480	2416	rundll32.exe	28
PID 2416 wrote to memory of 2480	2416	rundll32.exe	28
PID 2416 wrote to memory of 2480	2416	rundll32.exe	28
PID 2416 wrote to memory of 2480	2416	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bedfc2ea5783aebe33c5778f6162900_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bedfc2ea5783aebe33c5778f6162900_NeikiAnalytics.dll,#1
  2⤵
  PID:2480