603e5581882fb3f588dc3d59ea18ce4c3c5607514229244109bdd86e361aee55

Analysis

max time kernel
134s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 20:05

Target

1b7e3d678a997f322fa4d87307fcb9a0_NeikiAnalytics.dll
Size

59KB
MD5

1b7e3d678a997f322fa4d87307fcb9a0
SHA1

4271f1d0b2e747b21cbbe9bca1377c636eb78531
SHA256

603e5581882fb3f588dc3d59ea18ce4c3c5607514229244109bdd86e361aee55
SHA512

c4d38374fe7e046aecc08c168f325eff502a937b0702666a93c0705ed05ed5730864fb376bdd404ac6f4cda4c60692e6b4570039d657b7bdd8aa4b7eca49586a
SSDEEP

1536:eQxFBdL2im3Dnfsugg01iHlhjKXGfxwS3AfhE:efR373gg0eheWfxkZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 3412	948	rundll32.exe	82
PID 948 wrote to memory of 3412	948	rundll32.exe	82
PID 948 wrote to memory of 3412	948	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b7e3d678a997f322fa4d87307fcb9a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b7e3d678a997f322fa4d87307fcb9a0_NeikiAnalytics.dll,#1
  2⤵
  PID:3412