c4a5afb4f7d27d80a7369859b6591fe6e3e8037eb6ceef8d3f3a5dc7cd1adda0

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 07:58

Target

4a2c433d641e6fe09315e8f78d7a62c0_NeikiAnalytics.dll
Size

6KB
MD5

4a2c433d641e6fe09315e8f78d7a62c0
SHA1

46e8bfc252c4cf539d902b08185b4dd3a4e4641a
SHA256

c4a5afb4f7d27d80a7369859b6591fe6e3e8037eb6ceef8d3f3a5dc7cd1adda0
SHA512

df2a73cc8973e5a146c0c3930449d580ef7734cf1c98d40d95560098865b1fe7361e233f567753ef8343be969ba8e7a7a70518be8d1fc6523d04871462055068
SSDEEP

96:nEY2RrF1eqwi4PRluO9TY/Ff59S64MI7g5k5VaJQN:EHRh1eppPRgmo3SnMe8Q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29
PID 1872 wrote to memory of 2136	1872	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a2c433d641e6fe09315e8f78d7a62c0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a2c433d641e6fe09315e8f78d7a62c0_NeikiAnalytics.dll,#1
  2⤵
  PID:2136