3a52fe54c9c80c508dbbdef7f066f55b473cb4d00b8fc74e6e1dbe24ebd05a2d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 08:11

Target

93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll
Size

5KB
MD5

93f27251de83baa23533e5ad381ee350
SHA1

fb519bdd30cb03346f40a0a33fe11bb2dd0f67e8
SHA256

3a52fe54c9c80c508dbbdef7f066f55b473cb4d00b8fc74e6e1dbe24ebd05a2d
SHA512

6a49bf1ce43804bcc419faaa0ce96040c893fcc795c74f4db34d57bde26341b0af71e88b8e69a81476fc22dd8c8e8b400126d077d12819fa9ff8a524caa7c7a2
SSDEEP

96:hy859x0P8MapRKLEdnYGE12klwUrU7KiYOvPdEm:F5oL40sYGnkJKKO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2056	2856	rundll32.exe	28
PID 2856 wrote to memory of 2056	2856	rundll32.exe	28
PID 2856 wrote to memory of 2056	2856	rundll32.exe	28
PID 2856 wrote to memory of 2056	2856	rundll32.exe	28
PID 2856 wrote to memory of 2056	2856	rundll32.exe	28
PID 2856 wrote to memory of 2056	2856	rundll32.exe	28
PID 2856 wrote to memory of 2056	2856	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll,#1
  2⤵
  PID:2056