7709f0056dea07a69631c255c1586dc1f182dfd55472773ab6e8b5dcede05898

Analysis

max time kernel
92s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 09:42

Target

7709f0056dea07a69631c255c1586dc1f182dfd55472773ab6e8b5dcede05898_NeikiAnalytics.dll
Size

155KB
MD5

420aff98d89cf2c17c39b0a31f1c7ab0
SHA1

bb8fb99a8b5d7f91097ef96b3a8af423eea7c4c4
SHA256

7709f0056dea07a69631c255c1586dc1f182dfd55472773ab6e8b5dcede05898
SHA512

21967d9c8e36951a2efe109950b44965821f80ec2219e8f82e68c7c5fa62a0d64d9750c0948c5a641a773dea7def05ccbd0c8ec94014dfc2cea31148dd51818d
SSDEEP

3072:I6yxvfGZKEoieAsOAa/+3usrc9vRdf+7:I6QfEKseAyrc9nf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 3520	3132	rundll32.exe	81
PID 3132 wrote to memory of 3520	3132	rundll32.exe	81
PID 3132 wrote to memory of 3520	3132	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7709f0056dea07a69631c255c1586dc1f182dfd55472773ab6e8b5dcede05898_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7709f0056dea07a69631c255c1586dc1f182dfd55472773ab6e8b5dcede05898_NeikiAnalytics.dll,#1
  2⤵
  PID:3520

memory/3520-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download