6084457fa55d3a9dd708d8f56105ad163b2e4e9506dccffeb42a16373ed64085

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 04:46

Target

2eb64ac0eaa192bb3a73d89fdc150f30_NeikiAnalytics.dll
Size

9.0MB
MD5

2eb64ac0eaa192bb3a73d89fdc150f30
SHA1

c6f3d606ead4c98f298dbfd226b42013c3d20ca5
SHA256

6084457fa55d3a9dd708d8f56105ad163b2e4e9506dccffeb42a16373ed64085
SHA512

626f87bba34b2ee3557778765c0a3b8cc8e0330124b2810091bcdd3071102da276a883f03af68e9ec25b646e1f82fdde413a4b95f634fa473c0ad28d6843b43f
SSDEEP

196608:MDdWJQKiqdfwSqENZWS1xF7xl5V4/fF7YIaki:FJQ6dP3FFnVsfh/i

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2904	2876	rundll32.exe	28
PID 2876 wrote to memory of 2904	2876	rundll32.exe	28
PID 2876 wrote to memory of 2904	2876	rundll32.exe	28
PID 2876 wrote to memory of 2904	2876	rundll32.exe	28
PID 2876 wrote to memory of 2904	2876	rundll32.exe	28
PID 2876 wrote to memory of 2904	2876	rundll32.exe	28
PID 2876 wrote to memory of 2904	2876	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2eb64ac0eaa192bb3a73d89fdc150f30_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2eb64ac0eaa192bb3a73d89fdc150f30_NeikiAnalytics.dll,#1
  2⤵
  PID:2904

memory/2904-0-0x0000000073E80000-0x000000007498B000-memory.dmp

Filesize
11.0MB

Download
memory/2904-1-0x0000000072C10000-0x000000007371B000-memory.dmp

Filesize
11.0MB

Download
memory/2904-2-0x0000000072C10000-0x000000007371B000-memory.dmp

Filesize
11.0MB

Download
memory/2904-3-0x0000000073E80000-0x000000007498B000-memory.dmp

Filesize
11.0MB

Download