564c2dd4d44cb833822a3bff636f9b4d28c7b68bd7fcf724a21b7d2727f1f917

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 01:08

Target

5de89cdf224d32d9c5842240786b04d0_NeikiAnalytics.dll
Size

24KB
MD5

5de89cdf224d32d9c5842240786b04d0
SHA1

dba07a5432baa1908f960098ca0e7e0b6666b1f1
SHA256

564c2dd4d44cb833822a3bff636f9b4d28c7b68bd7fcf724a21b7d2727f1f917
SHA512

c015ea2da78bd7143a0e0b307080cd8a14dc4ec23bd42df912c360692aaeeee100b98b7ea189eaee2f6a6422f70a31d8a6304ce204a124b3664370d5dae2198d
SSDEEP

768:uA/cyLiT4/YRtavXaFJvJPMIG79Xdc+4nS:uAs4yiwJvJUd79u+4nS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2060	1252	rundll32.exe	28
PID 1252 wrote to memory of 2060	1252	rundll32.exe	28
PID 1252 wrote to memory of 2060	1252	rundll32.exe	28
PID 1252 wrote to memory of 2060	1252	rundll32.exe	28
PID 1252 wrote to memory of 2060	1252	rundll32.exe	28
PID 1252 wrote to memory of 2060	1252	rundll32.exe	28
PID 1252 wrote to memory of 2060	1252	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5de89cdf224d32d9c5842240786b04d0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5de89cdf224d32d9c5842240786b04d0_NeikiAnalytics.dll,#1
  2⤵
  PID:2060