6b260955545a759840e1172c90db4bad9298f6c26728883462abb2339504d314

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 01:20

Target

c94e8d866f544a98ec45a81f0863cd00_NeikiAnalytics.dll
Size

45KB
MD5

c94e8d866f544a98ec45a81f0863cd00
SHA1

6ad37fd2c2c63d1fa138ca4df2b84556bcce27a9
SHA256

6b260955545a759840e1172c90db4bad9298f6c26728883462abb2339504d314
SHA512

444299b31900884bb7c339fe1c5f7e79a3ac3d4be0c18b50a861646aae37ce849990b384b17a726ceb1026819cb84d25a34a3d12bea072723000f881c3d4534d
SSDEEP

768:PaJ+W1T5ScjX8RmplDx+TSX16C/hnGE413wkwjV:/Wt5ScYRmSTwhGEowjV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28
PID 1756 wrote to memory of 1724	1756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c94e8d866f544a98ec45a81f0863cd00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c94e8d866f544a98ec45a81f0863cd00_NeikiAnalytics.dll,#1
  2⤵
  PID:1724