e8b33433767364ac61e4acbe3e5af5d4e7e320254ab5d79445b90aba28dc74f3

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 14:50

Target

102c0a341eb324f52a4a480c8978da80_NeikiAnalytics.dll
Size

28KB
MD5

102c0a341eb324f52a4a480c8978da80
SHA1

6cc7765ae891cdee5431d679c510837db917fd82
SHA256

e8b33433767364ac61e4acbe3e5af5d4e7e320254ab5d79445b90aba28dc74f3
SHA512

bc53428c31f75564fe72d189badad1ca95134a436eea046fcb3b3230bca929b5c3877aef8941acfbaff6ebea07f235b4f652371ea8af159f2d6799659b317479
SSDEEP

768:jMORR/8SSuNEE36ioJIWIl+tLMcjV4+kkoVV:jMORRlSSEEfJl8xmjf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2796	4788	rundll32.exe	82
PID 4788 wrote to memory of 2796	4788	rundll32.exe	82
PID 4788 wrote to memory of 2796	4788	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\102c0a341eb324f52a4a480c8978da80_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\102c0a341eb324f52a4a480c8978da80_NeikiAnalytics.dll,#1
  2⤵
  PID:2796