4dc9c9dc9c97c032127f37e56a672c83e8d65a08044a66857202766df924ba39

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 05:54

Target

a773e835c9491db20dfd3216dc6e9450_NeikiAnalytics.dll
Size

692KB
MD5

a773e835c9491db20dfd3216dc6e9450
SHA1

fadf96ad7dba516a4f67a4fab326c3891f60eba3
SHA256

4dc9c9dc9c97c032127f37e56a672c83e8d65a08044a66857202766df924ba39
SHA512

d61a5ede461a5eb3a6e7ebcfa3c71eaf6edbba912c0d81424c5e55e16a431500fcf6be151b1f6b52b3cf180a57df4de3d0cc6f6767bfe23e0c0cc2e1cea36665
SSDEEP

12288:+OZayfIwAn/8Pi6Rstf6O/jQsvcNr4FDgvZc:+OZayet/ksUi2C

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a773e835c9491db20dfd3216dc6e9450_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a773e835c9491db20dfd3216dc6e9450_NeikiAnalytics.dll,#1
  2⤵
  PID:2792