dba1c68c6baf3cd63ba350e66c5d547762806b82f84a47de8b0eeb98d82bf93e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 16:12

Target

b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll
Size

7KB
MD5

b21a84ec87659405410ddcc09c91ef90
SHA1

2f0404bf78971f5cdd89e743e2cfdd3ff8821b68
SHA256

dba1c68c6baf3cd63ba350e66c5d547762806b82f84a47de8b0eeb98d82bf93e
SHA512

f28bde91250f5cc2bb5cb44915710df76947bfc0c5980a2d01ea4fafbafae1a77c6cc02d18c937342edc604ffc053731b65b1facb18453bcb8df15c43dd9b74d
SSDEEP

192:unSR6bgYnjkHxvxt6ruzLtkeZCuZDOg828szvbv:uZAx24zZCuZD+9Wbv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2260	2064	rundll32.exe	28
PID 2064 wrote to memory of 2260	2064	rundll32.exe	28
PID 2064 wrote to memory of 2260	2064	rundll32.exe	28
PID 2064 wrote to memory of 2260	2064	rundll32.exe	28
PID 2064 wrote to memory of 2260	2064	rundll32.exe	28
PID 2064 wrote to memory of 2260	2064	rundll32.exe	28
PID 2064 wrote to memory of 2260	2064	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll,#1
  2⤵
  PID:2260