edac8982d62a8c8e62680f0b2fb4b16b6eaa851c9400f46ebfa16a986be6cd5a

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 05:02

Target

83fcdeac2883baedb07c541564479b80_NeikiAnalytics.dll
Size

17KB
MD5

83fcdeac2883baedb07c541564479b80
SHA1

8184bf3f05b1a25ba4398422c5e3ef022d06800e
SHA256

edac8982d62a8c8e62680f0b2fb4b16b6eaa851c9400f46ebfa16a986be6cd5a
SHA512

fc6501594f65d702dc3bec30e9a9fc606fc8a50316326f22460a5d2505a6474f40f416168782f568f4283da129c42cc70c0dfc56837b226ed3e1d4e383f0f5d1
SSDEEP

192:I+xZRXpO2PG5u9tE6sQ3XTsjuwcfBCwdnfjJFoSCXhei3i64m/Vl:I+bRXpauzoQ3w6wcJCwdNFFOhCm/Vl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 4160	2128	rundll32.exe	82
PID 2128 wrote to memory of 4160	2128	rundll32.exe	82
PID 2128 wrote to memory of 4160	2128	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83fcdeac2883baedb07c541564479b80_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\83fcdeac2883baedb07c541564479b80_NeikiAnalytics.dll,#1
  2⤵
  PID:4160