c26787aabff76ae0432674eede86b6012217f96254c6db8e8d542cd292aadf22

Analysis

max time kernel
130s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 13:15

Target

34947be4501c7b3ab902147985822d80_NeikiAnalytics.dll
Size

158KB
MD5

34947be4501c7b3ab902147985822d80
SHA1

e7f459be3dde267655b71472e4f8d76f1b7c3525
SHA256

c26787aabff76ae0432674eede86b6012217f96254c6db8e8d542cd292aadf22
SHA512

e7be3eeb403d3bd1ca7d06e706634b9e2a5d0e9992b4332882c979a5c11a1ed5d20c112c9aad99e9618cdce8900bc8694b8905bba722ebf242907fbe25ca7911
SSDEEP

3072:m77C2/sZgxpg8/f2Cnpli5oswCuOGo0/Xm7TomjDNjN8UE0kUE0k0U7UE0kUE0US:m/NXH7vEoskOGZW5X

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4024-0-0x0000000001E20000-0x0000000001E9F000-memory.dmp	upx
behavioral2/memory/4024-1-0x0000000001E20000-0x0000000001E9F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 4024	2816	rundll32.exe	83
PID 2816 wrote to memory of 4024	2816	rundll32.exe	83
PID 2816 wrote to memory of 4024	2816	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34947be4501c7b3ab902147985822d80_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34947be4501c7b3ab902147985822d80_NeikiAnalytics.dll,#1
  2⤵
  PID:4024

memory/4024-0-0x0000000001E20000-0x0000000001E9F000-memory.dmp

Filesize
508KB

Download
memory/4024-1-0x0000000001E20000-0x0000000001E9F000-memory.dmp

Filesize
508KB

Download