556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 10:42 UTC

Target

556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa_NeikiAnalytics.dll
Size

5KB
MD5

4438455f94f5e7f7de97c95898724940
SHA1

012a535e1df0d65a1d0b3746bb810ac5c87e5da4
SHA256

556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa
SHA512

e6d0b59011d8485615a201bec92b24cd29f4fbd4169b1612419b3ebcc7d5f0962313834a8d5e9dd4cfd7681a990183e274de65a0eec661b764721dae1332d939
SSDEEP

96:hy859x0P8MaYM/VvCE24pR4JOpnn2K/a5AG6l6Uvs:F5oL4tvBpR4JOp2KS2Gg6Uv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 3068	2276	rundll32.exe	28
PID 2276 wrote to memory of 3068	2276	rundll32.exe	28
PID 2276 wrote to memory of 3068	2276	rundll32.exe	28
PID 2276 wrote to memory of 3068	2276	rundll32.exe	28
PID 2276 wrote to memory of 3068	2276	rundll32.exe	28
PID 2276 wrote to memory of 3068	2276	rundll32.exe	28
PID 2276 wrote to memory of 3068	2276	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa_NeikiAnalytics.dll,#1
  2⤵
  PID:3068