1f467d53902f7fed3bf34e73c3fff0465a40df5b6c228910193084d50227b737

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 23:31

Target

1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll
Size

414KB
MD5

1191b1e1212dc9a00cfb1348f2fc5f60
SHA1

7c41f137fd1e04d9b1bd5964c5a0a4b46211444a
SHA256

1f467d53902f7fed3bf34e73c3fff0465a40df5b6c228910193084d50227b737
SHA512

3f2857345b59329d51a2cafccd82d97c4dab4ae0b2efad4020a5d567aef361b04624a37dcabbc4f2749055bbc0ac2d120472012b8c4b491cbef89eb8e05e42aa
SSDEEP

6144:11sA6fnlk/peWuqQYkeLAD3f1sUnzzK6Fou6i8TKj3tF:vinQ85nYpLmJK6Fh78oP

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
1972	rundll32.exe
1972	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2908	1744	rundll32.exe	28
PID 1744 wrote to memory of 2908	1744	rundll32.exe	28
PID 1744 wrote to memory of 2908	1744	rundll32.exe	28
PID 1744 wrote to memory of 2908	1744	rundll32.exe	28
PID 1744 wrote to memory of 2908	1744	rundll32.exe	28
PID 1744 wrote to memory of 2908	1744	rundll32.exe	28
PID 1744 wrote to memory of 2908	1744	rundll32.exe	28
PID 2908 wrote to memory of 1972	2908	rundll32.exe	29
PID 2908 wrote to memory of 1972	2908	rundll32.exe	29
PID 2908 wrote to memory of 1972	2908	rundll32.exe	29
PID 2908 wrote to memory of 1972	2908	rundll32.exe	29
PID 2908 wrote to memory of 1972	2908	rundll32.exe	29
PID 2908 wrote to memory of 1972	2908	rundll32.exe	29
PID 2908 wrote to memory of 1972	2908	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259398665 262388
    3⤵
    - Loads dropped DLL
    PID:1972

\Users\Admin\AppData\Local\Temp\1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
172KB

MD5
4e04a4cb2cf220aecc23ea1884c74693

SHA1
a828c986d737f89ee1d9b50e63c540d48096957f

SHA256
cfed1841c76c9731035ebb61d5dc5656babf1beff6ed395e1c6b85bb9c74f85a

SHA512
c0b850fbc24efad8207a3fcca11217cb52f1d08b14deb16b8e813903fecd90714eb1a4b91b329cf779afff3d90963380f7cfd1555ffc27bd4ac6598c709443c4

Download Submit
memory/1972-5-0x0000000073E7E000-0x0000000073E7F000-memory.dmp

Filesize
4KB

Download
memory/1972-10-0x0000000000520000-0x000000000054E000-memory.dmp

Filesize
184KB

Download
memory/1972-18-0x0000000073E70000-0x000000007455E000-memory.dmp

Filesize
6.9MB

Download