b326a2b57766525405f0f8045c2f8d33231dab61519c285d0ee9e4706273da67

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 14:53

Target

06ae2d64d8f367909d97753b2a722b60_NeikiAnalytics.dll
Size

51KB
MD5

06ae2d64d8f367909d97753b2a722b60
SHA1

bcf474b06aece36b4f03ae428fdda745f6a7fa0f
SHA256

b326a2b57766525405f0f8045c2f8d33231dab61519c285d0ee9e4706273da67
SHA512

efde633ed44788f5c47351a14ac4b1f4ff51b32427532e0417b23a6e4b4140ddd9dd2b7815f24243b4333a981e6ff5453ec37edd8fd17790db6ef16c820787e8
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezdsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBWpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2252	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2252	2184	rundll32.exe	28
PID 2184 wrote to memory of 2252	2184	rundll32.exe	28
PID 2184 wrote to memory of 2252	2184	rundll32.exe	28
PID 2184 wrote to memory of 2252	2184	rundll32.exe	28
PID 2184 wrote to memory of 2252	2184	rundll32.exe	28
PID 2184 wrote to memory of 2252	2184	rundll32.exe	28
PID 2184 wrote to memory of 2252	2184	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ae2d64d8f367909d97753b2a722b60_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ae2d64d8f367909d97753b2a722b60_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2252

memory/2252-0-0x0000000074790000-0x00000000747A0000-memory.dmp

Filesize
64KB

Download