7a1bc776d10a391b8cea87bd4801cb39f48720b298ee37c9420e633aee8869fd

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 13:32

Target

7a1bc776d10a391b8cea87bd4801cb39f48720b298ee37c9420e633aee8869fd_NeikiAnalytics.dll
Size

75KB
MD5

e1f9fdc7bea55c5d3dd795128261dc30
SHA1

816a144b426aa6ac33690405a6f491bfaa90e25e
SHA256

7a1bc776d10a391b8cea87bd4801cb39f48720b298ee37c9420e633aee8869fd
SHA512

2177729bb63d2587e1f1004a4ef7cd909d61d2b87c45274e16723679d7dcd6002a9121b2f4a952930f6f5ff4e5d4d3d7aae54c3690ab2243c82c46f01142267a
SSDEEP

1536:kCJJQO3pulZYBtbnJieRuLF204M7bHPBZ7HxI7VxD:kqv4bYXbn1uLF204M7bHJZir

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2068	2200	rundll32.exe	28
PID 2200 wrote to memory of 2068	2200	rundll32.exe	28
PID 2200 wrote to memory of 2068	2200	rundll32.exe	28
PID 2200 wrote to memory of 2068	2200	rundll32.exe	28
PID 2200 wrote to memory of 2068	2200	rundll32.exe	28
PID 2200 wrote to memory of 2068	2200	rundll32.exe	28
PID 2200 wrote to memory of 2068	2200	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a1bc776d10a391b8cea87bd4801cb39f48720b298ee37c9420e633aee8869fd_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a1bc776d10a391b8cea87bd4801cb39f48720b298ee37c9420e633aee8869fd_NeikiAnalytics.dll,#1
  2⤵
  PID:2068