1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 22:48

Target

1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll
Size

490KB
MD5

31a1dbdd689a25d9edac91858bada050
SHA1

4f1f01006d1e9e6fcc2d8b54e2cee4a623213a70
SHA256

1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed
SHA512

a615f322a1e8298150441a002ec94a71e75d9c1042a6364166bf9902d99f3d847e1b6dcb2a43f9d1d39da21fc5d11551036d83c2b0fb0403c6ded6e59272a76a
SSDEEP

12288:pTkyQAdz5tk4Wk6Yvs19rTSiKU84g9o7QGy0gM:b9VWJ1dPRuo7QGY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2096	2820	rundll32.exe	28
PID 2820 wrote to memory of 2096	2820	rundll32.exe	28
PID 2820 wrote to memory of 2096	2820	rundll32.exe	28
PID 2820 wrote to memory of 2096	2820	rundll32.exe	28
PID 2820 wrote to memory of 2096	2820	rundll32.exe	28
PID 2820 wrote to memory of 2096	2820	rundll32.exe	28
PID 2820 wrote to memory of 2096	2820	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll,#1
  2⤵
  PID:2096