b59df494a666d1b2e84460926becddf783d1db0f4a694a3a164237919e44cc14

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:08

Target

78fa60e60667f9ccc38165d1ca5665b0_NeikiAnalytics.dll
Size

81KB
MD5

78fa60e60667f9ccc38165d1ca5665b0
SHA1

14fad0148c8cfb1b2d762368341ec9a670402552
SHA256

b59df494a666d1b2e84460926becddf783d1db0f4a694a3a164237919e44cc14
SHA512

e9f42915e0a07d81d51385544360857be4200fda32f6441b62b89f2a3c752307aad64ce72cd34f4315b8965959ebb7acec378aa593c0568361ad02954ffb0aa0
SSDEEP

1536:aByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WY:7v4JKXTx71wnArSsXFpeXq8WY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 4776	1500	rundll32.exe	82
PID 1500 wrote to memory of 4776	1500	rundll32.exe	82
PID 1500 wrote to memory of 4776	1500	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78fa60e60667f9ccc38165d1ca5665b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\78fa60e60667f9ccc38165d1ca5665b0_NeikiAnalytics.dll,#1
  2⤵
  PID:4776