ca0558ea1219f2278af0eb483f6d3159d356f1c08dcaf8bd68eb8360ab2217b6

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 09:15

Target

aa1fe536cb98200daeeddff76e956e50_NeikiAnalytics.dll
Size

2.3MB
MD5

aa1fe536cb98200daeeddff76e956e50
SHA1

a4f3845b67976ec9faaba78650f4efde3af21b21
SHA256

ca0558ea1219f2278af0eb483f6d3159d356f1c08dcaf8bd68eb8360ab2217b6
SHA512

f971b62b32a9dbf40d216191378c9289af6d8bdf1cb02539c0ed3baeb8472012a8d3dad2def7f2969c5711664b4039c30348929bf65259825fa520dd36018d5b
SSDEEP

49152:SlGT4IpXPqBwB3Bts0wdOCI8RxCxctjwJDwseZSSt5wAoNwn7Z4T7t:NPXPCWk0Ft8QJ4Sdwn14

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 356	1940	rundll32.exe	28
PID 1940 wrote to memory of 356	1940	rundll32.exe	28
PID 1940 wrote to memory of 356	1940	rundll32.exe	28
PID 1940 wrote to memory of 356	1940	rundll32.exe	28
PID 1940 wrote to memory of 356	1940	rundll32.exe	28
PID 1940 wrote to memory of 356	1940	rundll32.exe	28
PID 1940 wrote to memory of 356	1940	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa1fe536cb98200daeeddff76e956e50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa1fe536cb98200daeeddff76e956e50_NeikiAnalytics.dll,#1
  2⤵
  PID:356

memory/356-0-0x00000000000C0000-0x00000000000C6000-memory.dmp

Filesize
24KB

Download
memory/356-1-0x0000000010000000-0x0000000010253000-memory.dmp

Filesize
2.3MB

Download
memory/356-6-0x0000000002340000-0x0000000002452000-memory.dmp

Filesize
1.1MB

Download
memory/356-7-0x0000000002460000-0x0000000002557000-memory.dmp

Filesize
988KB

Download
memory/356-10-0x0000000002460000-0x0000000002557000-memory.dmp

Filesize
988KB

Download
memory/356-11-0x0000000010000000-0x0000000010253000-memory.dmp

Filesize
2.3MB

Download
memory/356-12-0x0000000002460000-0x0000000002557000-memory.dmp

Filesize
988KB

Download
memory/356-13-0x0000000002560000-0x0000000003810000-memory.dmp

Filesize
18.7MB

Download
memory/356-14-0x0000000003810000-0x00000000038FA000-memory.dmp

Filesize
936KB

Download
memory/356-15-0x0000000003900000-0x00000000039EC000-memory.dmp

Filesize
944KB

Download
memory/356-18-0x0000000003900000-0x00000000039EC000-memory.dmp

Filesize
944KB

Download
memory/356-19-0x00000000000D0000-0x00000000000D2000-memory.dmp

Filesize
8KB

Download
memory/356-20-0x0000000044A50000-0x0000000044A54000-memory.dmp

Filesize
16KB

Download