4bbc70aa905fbcf4e00cfa5873fb65e61b2113dfb7cf6104781f73c1174b2c04

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 20:00

Target

1a97fea46d66cfa2a96b6cb375545240_NeikiAnalytics.dll
Size

5KB
MD5

1a97fea46d66cfa2a96b6cb375545240
SHA1

5d2b7b142068f3d801dba67efb351a357a58ad70
SHA256

4bbc70aa905fbcf4e00cfa5873fb65e61b2113dfb7cf6104781f73c1174b2c04
SHA512

a97ce8bb9db67fc5a081d19217fc8bba35f147660201a13552de2998ff034af0120ca85e0ca0812118ba82497cef26357866d279a4246cfa178b33df41f4fdf7
SSDEEP

48:Ss0QejYDx6/gB5B65/ic/2hmm3YGebeTKurfUsMbfN1Plea/2rg682LmPq6U/ya6:z0QR9B6BvAwbliLyUKAYj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 4508	1204	rundll32.exe	82
PID 1204 wrote to memory of 4508	1204	rundll32.exe	82
PID 1204 wrote to memory of 4508	1204	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a97fea46d66cfa2a96b6cb375545240_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a97fea46d66cfa2a96b6cb375545240_NeikiAnalytics.dll,#1
  2⤵
  PID:4508