b70a6de8ed86fbb71e993895f060bda1899e6deb246bbc66cc4da9c48207d481

Analysis

max time kernel
129s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 01:53

Target

5979a80948c4d799f7b61a56ee8405a0_NeikiAnalytics.dll
Size

81KB
MD5

5979a80948c4d799f7b61a56ee8405a0
SHA1

456289c4fd5d023288369aabf5c6c56e4d3913bb
SHA256

b70a6de8ed86fbb71e993895f060bda1899e6deb246bbc66cc4da9c48207d481
SHA512

b70fa70ac31ca6bd350510427cc16cc95b784ed9898f59b5138289efd4164aebb5101bf39ac33055b6d141960e92c28e1564ac4b95894646ad388ea5e4f622c5
SSDEEP

1536:XtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wx:X4v4JKXTx71w0ArSsXF3enq8Wx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 704 wrote to memory of 4164	704	rundll32.exe	83
PID 704 wrote to memory of 4164	704	rundll32.exe	83
PID 704 wrote to memory of 4164	704	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5979a80948c4d799f7b61a56ee8405a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5979a80948c4d799f7b61a56ee8405a0_NeikiAnalytics.dll,#1
  2⤵
  PID:4164