870cd372c3e6c1fbb396dce3f7805b2a4b79a8666d3eb5e2532f7fdee6c9a550

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 05:13

Target

870cd372c3e6c1fbb396dce3f7805b2a4b79a8666d3eb5e2532f7fdee6c9a550_NeikiAnalytics.dll
Size

2.5MB
MD5

ebe844b5c4d2d6abbd74a1786e88ef40
SHA1

cfed82807ddd0e810d701cc248761d6dd2f8118c
SHA256

870cd372c3e6c1fbb396dce3f7805b2a4b79a8666d3eb5e2532f7fdee6c9a550
SHA512

c606016af1f75bb5ecc3018d0f119b16285271a8059e230b5765b64f124e9b44ede2c487fa65da38f8c7e446bb3e5490294db7bac4b16f1bc94d180dd68db39f
SSDEEP

24576:YRT7Ikfb+PskvV3HtFbJzLfQ3x2nSJl8+rsuG9rw7SunKCvrNlLg4McHSN9LB6cz:Aflb+PssI97VVyg0WmdNrTK3S

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2212	2200	rundll32.exe	28
PID 2200 wrote to memory of 2212	2200	rundll32.exe	28
PID 2200 wrote to memory of 2212	2200	rundll32.exe	28
PID 2200 wrote to memory of 2212	2200	rundll32.exe	28
PID 2200 wrote to memory of 2212	2200	rundll32.exe	28
PID 2200 wrote to memory of 2212	2200	rundll32.exe	28
PID 2200 wrote to memory of 2212	2200	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\870cd372c3e6c1fbb396dce3f7805b2a4b79a8666d3eb5e2532f7fdee6c9a550_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\870cd372c3e6c1fbb396dce3f7805b2a4b79a8666d3eb5e2532f7fdee6c9a550_NeikiAnalytics.dll,#1
  2⤵
  PID:2212