e29e2f405721a8522ae59632914bf80b92c028f316ad773ff3b9463d7c131498

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 11:39

Target

06319fb94a080f55b90aea884334b890_NeikiAnalytics.dll
Size

562KB
MD5

06319fb94a080f55b90aea884334b890
SHA1

331ac55383642f88a1f6f792351ccaafcd788fab
SHA256

e29e2f405721a8522ae59632914bf80b92c028f316ad773ff3b9463d7c131498
SHA512

879c514db7dd85b9546e2ed7353fef17af6f0f88e0e35701d0e3dc964c94ec39ab67baf943ce8a0035e63928eb5fee25fdc6fb10ac680198e36ee72990afe5bf
SSDEEP

12288:+FOuCOM0eY7Ie0lbniH5TAKQUQ9dZNfOGs9plLWpORjg8:+FO07KAH5kKQjTWt9paOJP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 2004	4740	rundll32.exe	82
PID 4740 wrote to memory of 2004	4740	rundll32.exe	82
PID 4740 wrote to memory of 2004	4740	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06319fb94a080f55b90aea884334b890_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06319fb94a080f55b90aea884334b890_NeikiAnalytics.dll,#1
  2⤵
  PID:2004