5e0e3a6d0b27a8b4a4c6065d35fbabbc95b68b05d53b49441de81a874a6ff3d2

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 17:36

Target

22d4768ab1943279823ebec9f55058b0_NeikiAnalytics.dll
Size

81KB
MD5

22d4768ab1943279823ebec9f55058b0
SHA1

0e6439cce49edec511f69d6b1e05708b5d961e4a
SHA256

5e0e3a6d0b27a8b4a4c6065d35fbabbc95b68b05d53b49441de81a874a6ff3d2
SHA512

0dd51bbc03c344590c0f73fec49654f6599aac0b866482ec85451da3fc439755d24de103388ad73437b917b0fd7e66dfe231cd9101362629330af709b7611346
SSDEEP

1536:btByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Ws:b4v4JKXTx71w0ArSsXF3enq8Ws

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 3860	3932	rundll32.exe	82
PID 3932 wrote to memory of 3860	3932	rundll32.exe	82
PID 3932 wrote to memory of 3860	3932	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22d4768ab1943279823ebec9f55058b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22d4768ab1943279823ebec9f55058b0_NeikiAnalytics.dll,#1
  2⤵
  PID:3860