fa7960e6d100cb357d185b23608322e00658036d4bc24862cddc47cbf9ca63af

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 05:18

Target

8eed7e70fd530a774659898d986441d0_NeikiAnalytics.dll
Size

327KB
MD5

8eed7e70fd530a774659898d986441d0
SHA1

a26ed619aa1f5a8c29fe2e51297e24e528c21b2b
SHA256

fa7960e6d100cb357d185b23608322e00658036d4bc24862cddc47cbf9ca63af
SHA512

40652a568a59485341ca47df3e871f46455142fa4e8818e1f47393e8da73bed7c208a0bceb349c532cdad55d5332c84165d4e99ec309d9a75221a4ed3bb3a9b0
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eed7e70fd530a774659898d986441d0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eed7e70fd530a774659898d986441d0_NeikiAnalytics.dll,#1
  2⤵
  PID:2204