9e7bd7643e3d24818349a3e925e9f789a92332b263e74d7196304ac68f5d1196

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 12:10

Target

3224a0b014e306ea37e8be5ae4c6bca0_NeikiAnalytics.dll
Size

172KB
MD5

3224a0b014e306ea37e8be5ae4c6bca0
SHA1

e0c36a2c2e68edce422758264def7f0180aca3dd
SHA256

9e7bd7643e3d24818349a3e925e9f789a92332b263e74d7196304ac68f5d1196
SHA512

c15d0a5e089d8924280683c493d19a47e7e6f74aa9cd749a2e64b37496d2a8e93ba4e24755063edd58bf4ff0346387ce5e15c14a820032ad3046426095cdadb2
SSDEEP

3072:z7XAA0vXXGNOrw/MpcjtcKZkjXlDA5PtuO6o0BZ2gBM3/7juNyfMFS:HAAiXXHcpcBXRBO6oiZyiNyfgS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 1592	1540	rundll32.exe	28
PID 1540 wrote to memory of 1592	1540	rundll32.exe	28
PID 1540 wrote to memory of 1592	1540	rundll32.exe	28
PID 1540 wrote to memory of 1592	1540	rundll32.exe	28
PID 1540 wrote to memory of 1592	1540	rundll32.exe	28
PID 1540 wrote to memory of 1592	1540	rundll32.exe	28
PID 1540 wrote to memory of 1592	1540	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3224a0b014e306ea37e8be5ae4c6bca0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3224a0b014e306ea37e8be5ae4c6bca0_NeikiAnalytics.dll,#1
  2⤵
  PID:1592

memory/1592-2-0x00000000001B0000-0x0000000000223000-memory.dmp

Filesize
460KB

Download
memory/1592-1-0x00000000001B0000-0x0000000000223000-memory.dmp

Filesize
460KB

Download
memory/1592-0-0x00000000001B0000-0x0000000000223000-memory.dmp

Filesize
460KB

Download
memory/1592-3-0x00000000001B0000-0x0000000000223000-memory.dmp

Filesize
460KB

Download