8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 07:37

Target

8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9_NeikiAnalytics.dll
Size

120KB
MD5

36954213bea25fe0eb33a5f15b5f0e50
SHA1

da421af693994acb20d340167b643e209cea19cf
SHA256

8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9
SHA512

10148f388c7ae48c43a58e920177a4c0c8e4bbed0fed165c9be330ee6c90f8f83b01acd56cb4aed8332970980db35360b1f02bf9f36ef50f84a9a9bd9bbd0fc7
SSDEEP

3072:jC0TBUrb1sSJ6gkj1Ub1ibSlGpkhcxbw9B:VTObzaxUb1ibS4pXxbw

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2140	f767291.exe

Loads dropped DLL 2 IoCs

pid	Process
3032	rundll32.exe
3032	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 3032	3008	rundll32.exe	28
PID 3008 wrote to memory of 3032	3008	rundll32.exe	28
PID 3008 wrote to memory of 3032	3008	rundll32.exe	28
PID 3008 wrote to memory of 3032	3008	rundll32.exe	28
PID 3008 wrote to memory of 3032	3008	rundll32.exe	28
PID 3008 wrote to memory of 3032	3008	rundll32.exe	28
PID 3008 wrote to memory of 3032	3008	rundll32.exe	28
PID 3032 wrote to memory of 2140	3032	rundll32.exe	29
PID 3032 wrote to memory of 2140	3032	rundll32.exe	29
PID 3032 wrote to memory of 2140	3032	rundll32.exe	29
PID 3032 wrote to memory of 2140	3032	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9_NeikiAnalytics.dll,#1
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\f767291.exe
    C:\Users\Admin\AppData\Local\Temp\f767291.exe
    3⤵
    - Executes dropped EXE
    PID:2140

\Users\Admin\AppData\Local\Temp\f767291.exe

Filesize
97KB

MD5
5c5dbb31c2d58b75f34512260a57a989

SHA1
c027a80a6acc7527eced83a860f99eb4fd0b17ae

SHA256
22a21154db77093531d01040c2e08100bc29de75f2220e12779a648a7c6d3a21

SHA512
e8f07c0fef237503b938406b09254119451066a62f103742be43bf2ce5d44ebfcbe65cc2592f40f4332de7d2b7c40cc2a6d932443cf21cd48ffb11a8b92b6153

Download Submit
memory/2140-12-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/3032-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/3032-1-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/3032-5-0x00000000000F0000-0x0000000000102000-memory.dmp

Filesize
72KB

Download
memory/3032-11-0x00000000000F0000-0x0000000000102000-memory.dmp

Filesize
72KB

Download
memory/3032-13-0x00000000000F0000-0x00000000000F6000-memory.dmp

Filesize
24KB

Download