6c371c304479ae672d001b08f2351159f2aed49642e6c2dbcd6b6bee8d49548c

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 00:21

Target

4d354f00b50a1831a50d02e75f5fe630_NeikiAnalytics.dll
Size

81KB
MD5

4d354f00b50a1831a50d02e75f5fe630
SHA1

335a0821c4ec43442246368a996cfee5c853d578
SHA256

6c371c304479ae672d001b08f2351159f2aed49642e6c2dbcd6b6bee8d49548c
SHA512

c7e1f79ccc7c6895bd660c32c69333eac5e3571036446304b1d90503c69462f45d4af6cd6a467bc9c640fc6a82a370d18013a4cf9fe7bbc9a4e6acae2a2e8d27
SSDEEP

1536:PtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W7:P4v4JKXTx71w0ArSsXF3enq8W7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1208	1692	rundll32.exe	82
PID 1692 wrote to memory of 1208	1692	rundll32.exe	82
PID 1692 wrote to memory of 1208	1692	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d354f00b50a1831a50d02e75f5fe630_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d354f00b50a1831a50d02e75f5fe630_NeikiAnalytics.dll,#1
  2⤵
  PID:1208