255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 22:17 UTC

Target

255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1_NeikiAnalytics.dll
Size

776KB
MD5

8d74d8fa9dec5987397de5bb957d05a0
SHA1

876d2819c88690fd5462902db74661cae82e9e3f
SHA256

255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1
SHA512

43c8c193b559f278cfba72d1746d4777accc11c2ea0f23bdde2eb4383419cc5ee96f21b1c2147558d24aa34d3459e447404ab5b5aeae9119191f0412c69530bc
SSDEEP

12288:/PzsnMRoHNbDc9mp1lfabK2xFGlyO1UuOk+wgdxN34gAGhqG4oEdYspVC:/CDCmpffoFxFO1Y13ABG4Ps

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2000	2912	rundll32.exe	28
PID 2912 wrote to memory of 2000	2912	rundll32.exe	28
PID 2912 wrote to memory of 2000	2912	rundll32.exe	28
PID 2912 wrote to memory of 2000	2912	rundll32.exe	28
PID 2912 wrote to memory of 2000	2912	rundll32.exe	28
PID 2912 wrote to memory of 2000	2912	rundll32.exe	28
PID 2912 wrote to memory of 2000	2912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1_NeikiAnalytics.dll,#1
  2⤵
  PID:2000