0edf9202e8da98aaae93b1c0b71f4d8436cfec5bf62c991c786172a8631e01c3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 23:48

Target

0edf9202e8da98aaae93b1c0b71f4d8436cfec5bf62c991c786172a8631e01c3_NeikiAnalytics.dll
Size

6KB
MD5

5d4dff7202d02067eff2979009c4c7b0
SHA1

6243b14f351b1cfc60156bbb6c310234bb8bf491
SHA256

0edf9202e8da98aaae93b1c0b71f4d8436cfec5bf62c991c786172a8631e01c3
SHA512

1d4a2c01b3c06a0a01a75738af246a4ccc0c8b4cf37db25c47ed8fd12af19994a95ea0cbe2c04f6db5669f0b5566315231e9052ac8032180e5c26ec243b352cf
SSDEEP

96:z0QR9B6BvAwbpGgJNO17l66d1QuyxXFNpnJ8lXjzxa8YkDH1D:JR94/bpGS8hQBDLWXRnH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2368	2348	rundll32.exe	28
PID 2348 wrote to memory of 2368	2348	rundll32.exe	28
PID 2348 wrote to memory of 2368	2348	rundll32.exe	28
PID 2348 wrote to memory of 2368	2348	rundll32.exe	28
PID 2348 wrote to memory of 2368	2348	rundll32.exe	28
PID 2348 wrote to memory of 2368	2348	rundll32.exe	28
PID 2348 wrote to memory of 2368	2348	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0edf9202e8da98aaae93b1c0b71f4d8436cfec5bf62c991c786172a8631e01c3_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0edf9202e8da98aaae93b1c0b71f4d8436cfec5bf62c991c786172a8631e01c3_NeikiAnalytics.dll,#1
  2⤵
  PID:2368