80e9e2a015b4e61fa84951d1a89cd0609489c14f18c8cd5b474443ef20438de8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 07:41

Target

49426406b557aec0a5b0268cc4c60c20_NeikiAnalytics.dll
Size

329KB
MD5

49426406b557aec0a5b0268cc4c60c20
SHA1

8259b5039ee382f40b32200834b1f58afe774188
SHA256

80e9e2a015b4e61fa84951d1a89cd0609489c14f18c8cd5b474443ef20438de8
SHA512

3cca90929ca2d51bed9a7a866c5382842ce898a3bb3f3c14ab1caa732dd732245b31386bf6f151978969a8499df90ad5ede8c22533daebc5119775634ae45e36
SSDEEP

6144:RLmWnuNrNVUvPEmRyWHj8MVloEh5QLxCSPGIsTPNctYy6egz8zZ4SUcXgZdoi:RLmWuNrNVUXEYDQL5JsL+2DN8F4SUyLi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1460	2088	rundll32.exe	28
PID 2088 wrote to memory of 1460	2088	rundll32.exe	28
PID 2088 wrote to memory of 1460	2088	rundll32.exe	28
PID 2088 wrote to memory of 1460	2088	rundll32.exe	28
PID 2088 wrote to memory of 1460	2088	rundll32.exe	28
PID 2088 wrote to memory of 1460	2088	rundll32.exe	28
PID 2088 wrote to memory of 1460	2088	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49426406b557aec0a5b0268cc4c60c20_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49426406b557aec0a5b0268cc4c60c20_NeikiAnalytics.dll,#1
  2⤵
  PID:1460