f72ed217d4ee00e71efaa005622469d1e216397332c344331fb2684021fb3164

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 00:09

Target

9259efc4d8e93dbb0340989a158844b0_NeikiAnalytics.dll
Size

6KB
MD5

9259efc4d8e93dbb0340989a158844b0
SHA1

af1f8f577fbd41499416011a76cb7f5336266f96
SHA256

f72ed217d4ee00e71efaa005622469d1e216397332c344331fb2684021fb3164
SHA512

9e7ba33d99148d714386b1d6f409a58184ed3ad922ff357a1a5aabd6d0c51387bd0e23bf9634cec049b81034e2097253de8e6a83b0be59892f4c93e89b178837
SSDEEP

96:nEY2RrF1eqwi49EtDOzWM6W62Q/BbO0/WNn:EHRh1eppojMV62gBZ/WN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28
PID 2976 wrote to memory of 2540	2976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9259efc4d8e93dbb0340989a158844b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9259efc4d8e93dbb0340989a158844b0_NeikiAnalytics.dll,#1
  2⤵
  PID:2540