9e94792a55168006be165f65ad7ff46ac9bcca2db23ce3f2e3bd4cdbfd9e7f54

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 15:26

Target

9e94792a55168006be165f65ad7ff46ac9bcca2db23ce3f2e3bd4cdbfd9e7f54_NeikiAnalytics.dll
Size

6KB
MD5

be6b8e6d13a1bd09beed9572d3421c10
SHA1

3c79c628a5c0dbb027e588e652a39602866a1fd1
SHA256

9e94792a55168006be165f65ad7ff46ac9bcca2db23ce3f2e3bd4cdbfd9e7f54
SHA512

080e1024d6889072458d6dcaff6c9f87bc24b8709d279b151f4133e3f5bacf06b15c18fa77ca31353d961a6f8006b189f53b47e9725ab6eefb839e3328f28b74
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIDVaa8Vd++1zPnmqs+V6AZm1:unSR6bgYO98Vd+Ynm5aZm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e94792a55168006be165f65ad7ff46ac9bcca2db23ce3f2e3bd4cdbfd9e7f54_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e94792a55168006be165f65ad7ff46ac9bcca2db23ce3f2e3bd4cdbfd9e7f54_NeikiAnalytics.dll,#1
  2⤵
  PID:2356