574e3108f8b0fc62a2c3b13e89ac400c4c3075f68f0293c535b20afb0c96c673

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 04:02

Target

8cc36b9494153ea0e2383f83e1ad8b40_NeikiAnalytics.dll
Size

6KB
MD5

8cc36b9494153ea0e2383f83e1ad8b40
SHA1

fdd3a3e327bbb664c0b6145dabec2aa26ae4dca2
SHA256

574e3108f8b0fc62a2c3b13e89ac400c4c3075f68f0293c535b20afb0c96c673
SHA512

9946e3de3c8c9bfb5c77a7127e15bb3e5ca15299e17e48f33f544b4ce72669fbde46e4b683af0b958bc7a4b9d5b37bd69490e04313e031693a6906497264cf18
SSDEEP

96:nEY2RrF1eqwi4WTTvYbq/D3UzqhMxwFFmUc8eLo6NtT8FexLi:EHRh1eppW/QcoehdqUcN8GT+epi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cc36b9494153ea0e2383f83e1ad8b40_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cc36b9494153ea0e2383f83e1ad8b40_NeikiAnalytics.dll,#1
  2⤵
  PID:1752