54bc01a4c418789e2bf19f3862e65f7f25ac6fe3ee436cd79802d172060b1246

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 02:56

Target

54bc01a4c418789e2bf19f3862e65f7f25ac6fe3ee436cd79802d172060b1246_NeikiAnalytics.dll
Size

165KB
MD5

253c5c9e17eb333b26d361e7fc5e7e80
SHA1

442ba1cb66df0121b489b2ed4c3453f3ca12ae25
SHA256

54bc01a4c418789e2bf19f3862e65f7f25ac6fe3ee436cd79802d172060b1246
SHA512

2a9ae437895a18ed99b6892a05895d6c098c685879adcc92b09630fb0681a7af536cf9178af0611c0ec9bc946f0d2a003db1fe8588349e9bb0bc7085faef21b1
SSDEEP

3072:9U+3BpslZzJtx6/4cYMPRPZ+4Px+hPXKMFBm7hp:9UkKtx6/4YPZ+zhPXKqm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28
PID 620 wrote to memory of 1712	620	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54bc01a4c418789e2bf19f3862e65f7f25ac6fe3ee436cd79802d172060b1246_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\54bc01a4c418789e2bf19f3862e65f7f25ac6fe3ee436cd79802d172060b1246_NeikiAnalytics.dll,#1
  2⤵
  PID:1712