aff9cad071835051305a8fe8fbc09fd23a738f19dfc0ff0510a4210dba58e315

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 14:49

Target

aff9cad071835051305a8fe8fbc09fd23a738f19dfc0ff0510a4210dba58e315_NeikiAnalytics.dll
Size

1.0MB
MD5

5420d84c11643c1899631ecb369cd910
SHA1

89edb5c069a564461e9085e01de63a55da3b0846
SHA256

aff9cad071835051305a8fe8fbc09fd23a738f19dfc0ff0510a4210dba58e315
SHA512

dad3c5e4d15bfc1d1762eb58df59d878bf382e2b019af060fbb039aa004f1ce0cdc4658b79a0a211de3b30a092d589bf3ff1fcaf0191ec1011974f29ac65bc4f
SSDEEP

24576:DvcdRN+yQI6AiCjdqxs0AtF+mIq3T2dWsm3n09:7O2/y0AtY/qaosmk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2360	1960	rundll32.exe	28
PID 1960 wrote to memory of 2360	1960	rundll32.exe	28
PID 1960 wrote to memory of 2360	1960	rundll32.exe	28
PID 1960 wrote to memory of 2360	1960	rundll32.exe	28
PID 1960 wrote to memory of 2360	1960	rundll32.exe	28
PID 1960 wrote to memory of 2360	1960	rundll32.exe	28
PID 1960 wrote to memory of 2360	1960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aff9cad071835051305a8fe8fbc09fd23a738f19dfc0ff0510a4210dba58e315_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aff9cad071835051305a8fe8fbc09fd23a738f19dfc0ff0510a4210dba58e315_NeikiAnalytics.dll,#1
  2⤵
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\23B6.tmp
    C:\Users\Admin\AppData\Local\Temp\23B6.tmp
    3⤵
    PID:3012

memory/2360-0-0x0000000000180000-0x00000000001C1000-memory.dmp

Filesize
260KB

Download
memory/2360-1-0x0000000000180000-0x00000000001C1000-memory.dmp

Filesize
260KB

Download