c7a5ac66a74de02098e80e9ba814c11e4549f4cb703c6dbf4e060b49bb82ff98

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 10:16

Target

2cea88b7a2474bd3c58118bb5c9fe2f0_NeikiAnalytics.dll
Size

68KB
MD5

2cea88b7a2474bd3c58118bb5c9fe2f0
SHA1

6459e4ded1c148951ce57f8c6f1695f88a62537c
SHA256

c7a5ac66a74de02098e80e9ba814c11e4549f4cb703c6dbf4e060b49bb82ff98
SHA512

9628696c1da719d7a62fbc8fe339b92255f0756056085b8089bec3440be60d540de70d5e5dead511e0698947866d748d07b1146420a917f3bfae2f0553746d1b
SSDEEP

1536:MLNd/Pk7btaoX7DypKr0wNWYIUSS9eyBpC0iZs3k:GNhY5aora80mWYI7uCXs3

Score

7^/10

Drops startup file 1 IoCs

Processes:

rundll32.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrogjrty.exe	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1228 wrote to memory of 1716	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 1716	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 1716	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 1716	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 1716	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 1716	1228	rundll32.exe	rundll32.exe
PID 1228 wrote to memory of 1716	1228	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cea88b7a2474bd3c58118bb5c9fe2f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cea88b7a2474bd3c58118bb5c9fe2f0_NeikiAnalytics.dll,#1
2⤵
- Drops startup file
PID:1716

memory/1716-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/1716-3-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/1716-2-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/1716-1-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download