298dc0add0a6f55df05bda01c6258bd79da63ef8fc8d59f2cee8e5c0cde0393a

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
26-06-2024 00:13

Target

298dc0add0a6f55df05bda01c6258bd79da63ef8fc8d59f2cee8e5c0cde0393a_NeikiAnalytics.dll
Size

7KB
MD5

e2737408c24a3b2b4c3be0bff7f4c220
SHA1

2799276b180f025b1dc5fc5ea4cff90a0b092a15
SHA256

298dc0add0a6f55df05bda01c6258bd79da63ef8fc8d59f2cee8e5c0cde0393a
SHA512

2e22739c5c4b9568e1a38288bd03a704d5082520be79b486f1b2a5e2565b08fefee3bbd5ed0c3555f03410a889c15981b87f56847c096e1943e3a17db6c0a082
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWsbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPGq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28
PID 2172 wrote to memory of 2192	2172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\298dc0add0a6f55df05bda01c6258bd79da63ef8fc8d59f2cee8e5c0cde0393a_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\298dc0add0a6f55df05bda01c6258bd79da63ef8fc8d59f2cee8e5c0cde0393a_NeikiAnalytics.dll,#1
  2⤵
  PID:2192