1f467d53902f7fed3bf34e73c3fff0465a40df5b6c228910193084d50227b737

Analysis

max time kernel
94s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 23:31

Target

1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll
Size

414KB
MD5

1191b1e1212dc9a00cfb1348f2fc5f60
SHA1

7c41f137fd1e04d9b1bd5964c5a0a4b46211444a
SHA256

1f467d53902f7fed3bf34e73c3fff0465a40df5b6c228910193084d50227b737
SHA512

3f2857345b59329d51a2cafccd82d97c4dab4ae0b2efad4020a5d567aef361b04624a37dcabbc4f2749055bbc0ac2d120472012b8c4b491cbef89eb8e05e42aa
SSDEEP

6144:11sA6fnlk/peWuqQYkeLAD3f1sUnzzK6Fou6i8TKj3tF:vinQ85nYpLmJK6Fh78oP

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
3576	rundll32.exe
3576	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 3188	868	rundll32.exe	82
PID 868 wrote to memory of 3188	868	rundll32.exe	82
PID 868 wrote to memory of 3188	868	rundll32.exe	82
PID 3188 wrote to memory of 3576	3188	rundll32.exe	83
PID 3188 wrote to memory of 3576	3188	rundll32.exe	83
PID 3188 wrote to memory of 3576	3188	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3188
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240596140 1048904
    3⤵
    - Loads dropped DLL
    PID:3576

C:\Users\Admin\AppData\Local\Temp\1191b1e1212dc9a00cfb1348f2fc5f60_NeikiAnalytics.dll-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
172KB

MD5
4e04a4cb2cf220aecc23ea1884c74693

SHA1
a828c986d737f89ee1d9b50e63c540d48096957f

SHA256
cfed1841c76c9731035ebb61d5dc5656babf1beff6ed395e1c6b85bb9c74f85a

SHA512
c0b850fbc24efad8207a3fcca11217cb52f1d08b14deb16b8e813903fecd90714eb1a4b91b329cf779afff3d90963380f7cfd1555ffc27bd4ac6598c709443c4

Download Submit
memory/3576-5-0x000000007400E000-0x000000007400F000-memory.dmp

Filesize
4KB

Download
memory/3576-10-0x0000000003200000-0x000000000322E000-memory.dmp

Filesize
184KB

Download
memory/3576-11-0x0000000074000000-0x00000000747B0000-memory.dmp

Filesize
7.7MB

Download
memory/3576-19-0x0000000074000000-0x00000000747B0000-memory.dmp

Filesize
7.7MB

Download
memory/3576-21-0x0000000074000000-0x00000000747B0000-memory.dmp

Filesize
7.7MB

Download
memory/3576-22-0x0000000074000000-0x00000000747B0000-memory.dmp

Filesize
7.7MB

Download