aea29242e0b69bee9c342b2d260065a95d36d6b2db67793bf8a23c95b95e8cfb

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 03:40

Target

33f987f58dcc8834e8e88e2df32e89f0_NeikiAnalytics.dll
Size

13KB
MD5

33f987f58dcc8834e8e88e2df32e89f0
SHA1

fd7b1713ed2a66c790856bb678eb2ea1f159b65a
SHA256

aea29242e0b69bee9c342b2d260065a95d36d6b2db67793bf8a23c95b95e8cfb
SHA512

7759af7a0ba244eb18c546457dc5cb50373d599c0bd6a9b1c69be3fe299fcaba85c5921f8c5da83577c2c7acd66e78619d2b88c30d801ece8200c824da635844
SSDEEP

192:E7QdNEknZQ3XLPVlD6NZf1KUl2ryHzhvEjtlAur9ZCspE+TMArLXA:E7QHhe7PVlkfQCT2UHeM4Q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 2056	1284	rundll32.exe	28
PID 1284 wrote to memory of 2056	1284	rundll32.exe	28
PID 1284 wrote to memory of 2056	1284	rundll32.exe	28
PID 1284 wrote to memory of 2056	1284	rundll32.exe	28
PID 1284 wrote to memory of 2056	1284	rundll32.exe	28
PID 1284 wrote to memory of 2056	1284	rundll32.exe	28
PID 1284 wrote to memory of 2056	1284	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33f987f58dcc8834e8e88e2df32e89f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33f987f58dcc8834e8e88e2df32e89f0_NeikiAnalytics.dll,#1
  2⤵
  PID:2056