786a97625619a6b2fbdcead02e91df799c07a22659795bf7adcedc862f30a929

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 01:05

Target

87539cc5763cebd85f927e9a622607e0_NeikiAnalytics.dll
Size

463KB
MD5

87539cc5763cebd85f927e9a622607e0
SHA1

0100f8c9c31a44ae0be7d62587cf0b17ba50351e
SHA256

786a97625619a6b2fbdcead02e91df799c07a22659795bf7adcedc862f30a929
SHA512

9b1a188d95731d0c27efaa36be62f8b59a6bc60bbf86956f93340c30f40330536c8ad4e0184227b1e4964cbfa902efe864f3f7d7275e6e0fc097991b23ae35b0
SSDEEP

12288:o2nv8ccS8cc/Z/cs8Ccs8/yjvAr+dT4octaBjvrEH7l:o2nv8ccS8cc/Z/cs8Ccs8/yVG6rEH7l

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2816	2768	rundll32.exe	28
PID 2768 wrote to memory of 2816	2768	rundll32.exe	28
PID 2768 wrote to memory of 2816	2768	rundll32.exe	28
PID 2768 wrote to memory of 2816	2768	rundll32.exe	28
PID 2768 wrote to memory of 2816	2768	rundll32.exe	28
PID 2768 wrote to memory of 2816	2768	rundll32.exe	28
PID 2768 wrote to memory of 2816	2768	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\87539cc5763cebd85f927e9a622607e0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\87539cc5763cebd85f927e9a622607e0_NeikiAnalytics.dll,#1
  2⤵
  PID:2816