59ce833da5979df99eaa7b24ce863f584c982473eaa6ff69a6c922f984c6ad23

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 11:20

Target

0cc2da3af6cd78cad86e38b9fbc01970_NeikiAnalytics.dll
Size

268KB
MD5

0cc2da3af6cd78cad86e38b9fbc01970
SHA1

0423531c9032fe07f6ea252d3b7a76c47585b5fb
SHA256

59ce833da5979df99eaa7b24ce863f584c982473eaa6ff69a6c922f984c6ad23
SHA512

9962edf651cdffe72bf791e7b157847206be9849168dfa15f5ad8413dbc4403bd0a2eefe863ee1703bfc1accf18c34815a6d7de6bc9b62221aa62638168bbbee
SSDEEP

3072:tUVw6s7QkHs1jFLgqRzi414qcSeDBbiG3ufag3DYcC+3OhvFcKFHh0Oom/:tgPkM1xgqRG+igz5BA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2908	2504	rundll32.exe	28
PID 2504 wrote to memory of 2908	2504	rundll32.exe	28
PID 2504 wrote to memory of 2908	2504	rundll32.exe	28
PID 2504 wrote to memory of 2908	2504	rundll32.exe	28
PID 2504 wrote to memory of 2908	2504	rundll32.exe	28
PID 2504 wrote to memory of 2908	2504	rundll32.exe	28
PID 2504 wrote to memory of 2908	2504	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc2da3af6cd78cad86e38b9fbc01970_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc2da3af6cd78cad86e38b9fbc01970_NeikiAnalytics.dll,#1
  2⤵
  PID:2908