0f0b47f0057d559bfc399b6a619cb07b348d81c0f693cd94912b335026ca5cdc

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 22:13

Target

43ae9cf0cd248539a4321bb08e15cba0_NeikiAnalytics.dll
Size

570KB
MD5

43ae9cf0cd248539a4321bb08e15cba0
SHA1

9f3fb49feb4725a4e09eaaf2d870b4f685af50cc
SHA256

0f0b47f0057d559bfc399b6a619cb07b348d81c0f693cd94912b335026ca5cdc
SHA512

bf1d81fca1d84a674d00e27c3a1e1c7b27a11e704de409425ccf9bd71ab7fea32364a9f9552c4aea68dd959c2778695b0b1b957dca3ba6394d48cd6652a44922
SSDEEP

12288:8tfuHF+NT7APjuD3diJQljDjK/Z/9OHob6IAoRHz:8c+NT7ntgQNu/V9OH5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2300 wrote to memory of 2152	2300	rundll32.exe	rundll32.exe
PID 2300 wrote to memory of 2152	2300	rundll32.exe	rundll32.exe
PID 2300 wrote to memory of 2152	2300	rundll32.exe	rundll32.exe
PID 2300 wrote to memory of 2152	2300	rundll32.exe	rundll32.exe
PID 2300 wrote to memory of 2152	2300	rundll32.exe	rundll32.exe
PID 2300 wrote to memory of 2152	2300	rundll32.exe	rundll32.exe
PID 2300 wrote to memory of 2152	2300	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43ae9cf0cd248539a4321bb08e15cba0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2300

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43ae9cf0cd248539a4321bb08e15cba0_NeikiAnalytics.dll,#1
2⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\901F.tmp
C:\Users\Admin\AppData\Local\Temp\901F.tmp
3⤵
PID:1776

memory/2152-0-0x00000000001E0000-0x0000000000222000-memory.dmp

Filesize
264KB

Download
memory/2152-1-0x00000000001E0000-0x0000000000222000-memory.dmp

Filesize
264KB

Download