912e0ab51e159c9ef3ac421ec9b857cdb2feaebcfeac35d63a033794af933ed3

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 09:34

Target

912e0ab51e159c9ef3ac421ec9b857cdb2feaebcfeac35d63a033794af933ed3_NeikiAnalytics.dll
Size

508KB
MD5

6c1467627041516e0866c255c1cc7f20
SHA1

60c7c00c140fcb07bffa691914fcc9542c0c27ef
SHA256

912e0ab51e159c9ef3ac421ec9b857cdb2feaebcfeac35d63a033794af933ed3
SHA512

493de017813a79ee32c17468c1d39ead0b1af08b9110072e5d5298a710b244b7a1cf7f84c9f2cade70fdef57d4934d9dc8cc70dd172ee7535fc669b6710e7cfd
SSDEEP

12288:/0QGFNlVk1ZWYlfCaoCFbfXcl2kxPHSBjvrEH7a+:/0QGFNUntz7rXcllRUrEH7Z

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1924	1644	rundll32.exe	28
PID 1644 wrote to memory of 1924	1644	rundll32.exe	28
PID 1644 wrote to memory of 1924	1644	rundll32.exe	28
PID 1644 wrote to memory of 1924	1644	rundll32.exe	28
PID 1644 wrote to memory of 1924	1644	rundll32.exe	28
PID 1644 wrote to memory of 1924	1644	rundll32.exe	28
PID 1644 wrote to memory of 1924	1644	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\912e0ab51e159c9ef3ac421ec9b857cdb2feaebcfeac35d63a033794af933ed3_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\912e0ab51e159c9ef3ac421ec9b857cdb2feaebcfeac35d63a033794af933ed3_NeikiAnalytics.dll,#1
  2⤵
  PID:1924