9120c37b78eb1b9315addcbab99250d3f5fc10f18ad2000b06bf831c455d73c9

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 09:32

Target

9120c37b78eb1b9315addcbab99250d3f5fc10f18ad2000b06bf831c455d73c9_NeikiAnalytics.dll
Size

2.7MB
MD5

5b5902c5e50b93a4c12b35c47e4bc9a0
SHA1

0f74ae51a9cf1a1262e950b716d35de75c35480f
SHA256

9120c37b78eb1b9315addcbab99250d3f5fc10f18ad2000b06bf831c455d73c9
SHA512

f8f8ebe697359045c042961df285630f3a8cef0a5880552925d2847d562108c57c48e896584ddef21c5c249d19479f43bdea3fd5d7b3a427e8217a144f68ae75
SSDEEP

12288:e7IBwR09cHAI0Pof3sv35Qjs8q8hnnEKA5ej7XyPPPPPPPPPPPPPPPPPPPPPPPPz:pwR0GaWy8JnCMVT9vIEcIOEJlqN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2088	1960	rundll32.exe	28
PID 1960 wrote to memory of 2088	1960	rundll32.exe	28
PID 1960 wrote to memory of 2088	1960	rundll32.exe	28
PID 1960 wrote to memory of 2088	1960	rundll32.exe	28
PID 1960 wrote to memory of 2088	1960	rundll32.exe	28
PID 1960 wrote to memory of 2088	1960	rundll32.exe	28
PID 1960 wrote to memory of 2088	1960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9120c37b78eb1b9315addcbab99250d3f5fc10f18ad2000b06bf831c455d73c9_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9120c37b78eb1b9315addcbab99250d3f5fc10f18ad2000b06bf831c455d73c9_NeikiAnalytics.dll,#1
  2⤵
  PID:2088