1e929e9fe7ae258091611471adfb62d4fc3a8a685941ce4e7452d6aa8eef9623

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 00:39

Target

1e929e9fe7ae258091611471adfb62d4fc3a8a685941ce4e7452d6aa8eef9623_NeikiAnalytics.dll
Size

6KB
MD5

c2794d5e7e3da03563ad893759a2f0f0
SHA1

31b6d3b2d204259b95511fd668515f47efdca8fd
SHA256

1e929e9fe7ae258091611471adfb62d4fc3a8a685941ce4e7452d6aa8eef9623
SHA512

d8a2d3c8ab8a61d539c8df6d2f3b1071d13ba536c195ac72b3c804f993dcf338392739987ff137bfcb8098ca57ca1ba1a635266189e2df1e3f66506e683bcde9
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0qB+BDq9J5SH:VDa9VUX9bQWKB+FqX5SH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 3068	2100	rundll32.exe	28
PID 2100 wrote to memory of 3068	2100	rundll32.exe	28
PID 2100 wrote to memory of 3068	2100	rundll32.exe	28
PID 2100 wrote to memory of 3068	2100	rundll32.exe	28
PID 2100 wrote to memory of 3068	2100	rundll32.exe	28
PID 2100 wrote to memory of 3068	2100	rundll32.exe	28
PID 2100 wrote to memory of 3068	2100	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e929e9fe7ae258091611471adfb62d4fc3a8a685941ce4e7452d6aa8eef9623_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e929e9fe7ae258091611471adfb62d4fc3a8a685941ce4e7452d6aa8eef9623_NeikiAnalytics.dll,#1
  2⤵
  PID:3068