f18bfb74d6eb9c635fc619968791953ed41bec42e46c294b3e0c8a3c89cd3f6f

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 05:31

Target

8a8ed697edfb01c88515a69b80e356e0_NeikiAnalytics.dll
Size

5KB
MD5

8a8ed697edfb01c88515a69b80e356e0
SHA1

fb5bade918b5f4c36b949b15daaa5a526f11fdad
SHA256

f18bfb74d6eb9c635fc619968791953ed41bec42e46c294b3e0c8a3c89cd3f6f
SHA512

fdbb8a60ec1ce669b47863ceeb3a148cb608c9a1698010e098d218fce324cd44201c0748dc9a96ca54046cb3adad6f622e0a4b4833ca05621512b289719fe6f7
SSDEEP

96:DixZjmjtjd8jPjcZGR5TItZQ1bFbqoiUioujvcSi8KfI3U:unSR6bgYKZQ1bFbqoiUHujv3i8KfI3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 4432	4448	rundll32.exe	81
PID 4448 wrote to memory of 4432	4448	rundll32.exe	81
PID 4448 wrote to memory of 4432	4448	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a8ed697edfb01c88515a69b80e356e0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a8ed697edfb01c88515a69b80e356e0_NeikiAnalytics.dll,#1
  2⤵
  PID:4432