3182c618af929dcd007049f0306d39f1ef209985b08d8c96fea8022018bf9c11

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 17:17

Target

015330ddfd86e765007e89b948416aa0_NeikiAnalytics.dll
Size

423KB
MD5

015330ddfd86e765007e89b948416aa0
SHA1

838bfe032d3b91e0abb6209733c3996931f93183
SHA256

3182c618af929dcd007049f0306d39f1ef209985b08d8c96fea8022018bf9c11
SHA512

e9e7022c07cba5a2305c9bea28bff222d9599ba5d074372d6a672fef791799f138886201fd17a09d3c590ac3e440913231d5862940b6ea9303bc46ea83fd3c37
SSDEEP

6144:qRlItZgZj0Y/BB5Ll/V1Jxy4wqHE+ITL/xOrrLzWYOkZ3CG4HvsaUWeVSFR1cuMD:sw8guB5LlnE3XS6/CNVShMSxNs1Lv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2060	1044	rundll32.exe	28
PID 1044 wrote to memory of 2060	1044	rundll32.exe	28
PID 1044 wrote to memory of 2060	1044	rundll32.exe	28
PID 1044 wrote to memory of 2060	1044	rundll32.exe	28
PID 1044 wrote to memory of 2060	1044	rundll32.exe	28
PID 1044 wrote to memory of 2060	1044	rundll32.exe	28
PID 1044 wrote to memory of 2060	1044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\015330ddfd86e765007e89b948416aa0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\015330ddfd86e765007e89b948416aa0_NeikiAnalytics.dll,#1
  2⤵
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\A5D.tmp
    C:\Users\Admin\AppData\Local\Temp\A5D.tmp
    3⤵
    PID:2892

memory/2060-0-0x00000000001D0000-0x000000000020C000-memory.dmp

Filesize
240KB

Download