2a20b9619937a035a8701f6881c0c9a19e9a028da38d6b6616098e5b7866f905

Analysis

max time kernel
138s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 03:59

Target

65a00e9844c3f7b8c7c1a18f5fc85420_NeikiAnalytics.dll
Size

94KB
MD5

65a00e9844c3f7b8c7c1a18f5fc85420
SHA1

31d482d863329f908a2a7fa64b931935dd4609b1
SHA256

2a20b9619937a035a8701f6881c0c9a19e9a028da38d6b6616098e5b7866f905
SHA512

bdcd33d1084116d4c344a94f5311069b34615ade00a094c57cbc98df48f59f6e80dee65cd03486c2490b8e061fdfd64e2929557dedbc10ed19ea9b0f9780a5cf
SSDEEP

1536:Jvs4enKdi7AaWRA8ka/VaUbPCZBJn6Y0Z2QUs:ZyKdi8aW2Y/VzuZL6R

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 4952	3356	rundll32.exe	83
PID 3356 wrote to memory of 4952	3356	rundll32.exe	83
PID 3356 wrote to memory of 4952	3356	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65a00e9844c3f7b8c7c1a18f5fc85420_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65a00e9844c3f7b8c7c1a18f5fc85420_NeikiAnalytics.dll,#1
  2⤵
  PID:4952