9a1fe6f39fe35fc31c95681e8c3a0ed0ed3c9ce9a9353e4ac2a030ae24698c96

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 21:17

Target

1c556025b6628e88d6e13d820af7ded0_NeikiAnalytics.dll
Size

81KB
MD5

1c556025b6628e88d6e13d820af7ded0
SHA1

3eb2c2f1c00fe72263a13d8df0f36b4d0e915676
SHA256

9a1fe6f39fe35fc31c95681e8c3a0ed0ed3c9ce9a9353e4ac2a030ae24698c96
SHA512

aa68a302a95488e6e07fd1ccef79dbeeb6e4b35e87596153ce83bd96f03ff89443a1eedcd18593873f8e4cbf227ac0a110ce28f457a5e30fdcccf8116897d0b1
SSDEEP

1536:3tByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wv:34v4JKXTx71w0ArSsXF3enq8Wv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 2280	3296	rundll32.exe	82
PID 3296 wrote to memory of 2280	3296	rundll32.exe	82
PID 3296 wrote to memory of 2280	3296	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c556025b6628e88d6e13d820af7ded0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c556025b6628e88d6e13d820af7ded0_NeikiAnalytics.dll,#1
  2⤵
  PID:2280