38f086b3e5a189843d2c884db6fa2745099e9c11863069150021ef9bcc0ef03d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 05:31

Target

38f086b3e5a189843d2c884db6fa2745099e9c11863069150021ef9bcc0ef03d_NeikiAnalytics.dll
Size

6KB
MD5

35328b2ae7d86ef738a526679dac11e0
SHA1

fe595a418481fd58a752dad0b95945d7eadb58dc
SHA256

38f086b3e5a189843d2c884db6fa2745099e9c11863069150021ef9bcc0ef03d
SHA512

54b2ce2752c95debe977078ad64b5b5882d90cb65adcf388609a92ea8e44f0a3fe00f776209bd1e3ff6870965e05f01233f3586482a852aac61066068bd79b71
SSDEEP

96:DixZjmjtjd8jPjcZGR5TISITJxJToe3VuGc3Qt3odw7Sa8uyAy:unSR6bgYque3k3634B

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28
PID 2432 wrote to memory of 1344	2432	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38f086b3e5a189843d2c884db6fa2745099e9c11863069150021ef9bcc0ef03d_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38f086b3e5a189843d2c884db6fa2745099e9c11863069150021ef9bcc0ef03d_NeikiAnalytics.dll,#1
  2⤵
  PID:1344