0aa9d220af608a272f936f260a9e0815adf8c1441311ac052c4e8a153501d739

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 21:20

Target

0aa9d220af608a272f936f260a9e0815adf8c1441311ac052c4e8a153501d739_NeikiAnalytics.dll
Size

2.0MB
MD5

d6dbe6220056c43ba132f07f36da5370
SHA1

5a28bbe83ddd58317fb94f880e532a5ed2cd5292
SHA256

0aa9d220af608a272f936f260a9e0815adf8c1441311ac052c4e8a153501d739
SHA512

93a1186327d9fc3fd838dc2f74488bd143a4dd21346f95c02ba091d04f642f2d5d61dd3e2b22215b4ef923d84edb0832d639f65f1dc867bf09f0768a933ee99a
SSDEEP

49152:QF+oSsjsOxPTjVZNaMHPfnSMs7P78Z4wtD:YSsLxfVffHHSMs/cFp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2972	2548	rundll32.exe	28
PID 2548 wrote to memory of 2972	2548	rundll32.exe	28
PID 2548 wrote to memory of 2972	2548	rundll32.exe	28
PID 2548 wrote to memory of 2972	2548	rundll32.exe	28
PID 2548 wrote to memory of 2972	2548	rundll32.exe	28
PID 2548 wrote to memory of 2972	2548	rundll32.exe	28
PID 2548 wrote to memory of 2972	2548	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0aa9d220af608a272f936f260a9e0815adf8c1441311ac052c4e8a153501d739_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0aa9d220af608a272f936f260a9e0815adf8c1441311ac052c4e8a153501d739_NeikiAnalytics.dll,#1
  2⤵
  PID:2972