cdd039ec561ef61faee13c37bef6aa6d9d7beb008327aa9c3f1a34836ca08b81

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 23:08

Target

4737e799c7e1c1ca5cd71a3113bdc340_NeikiAnalytics.dll
Size

81KB
MD5

4737e799c7e1c1ca5cd71a3113bdc340
SHA1

83bdcbaa12cb716bcc4d8770a5944df82d13062d
SHA256

cdd039ec561ef61faee13c37bef6aa6d9d7beb008327aa9c3f1a34836ca08b81
SHA512

8a9faf5f211afa1236e29e3addcd0cb0bd33d16adba4bb66c33b57c117535c5c269b9d3cb9c64a89bb455b322d537fdc979251ae6e91d65429b7e1b36c1bdb8e
SSDEEP

1536:ktByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8We:k4v4JKXTx71w0ArSsXF3enq8We

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 3212	1676	rundll32.exe	82
PID 1676 wrote to memory of 3212	1676	rundll32.exe	82
PID 1676 wrote to memory of 3212	1676	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4737e799c7e1c1ca5cd71a3113bdc340_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4737e799c7e1c1ca5cd71a3113bdc340_NeikiAnalytics.dll,#1
  2⤵
  PID:3212