4f50c025b543e856f6386580cbc90e116c59312108cc18ee2706a235f14fe7ba

Analysis

max time kernel
129s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 09:11

Target

b78897a87ee776452c994c975fb20510_NeikiAnalytics.dll
Size

81KB
MD5

b78897a87ee776452c994c975fb20510
SHA1

dda5f563f385ac9ba2a495edc62a5eab046a4dba
SHA256

4f50c025b543e856f6386580cbc90e116c59312108cc18ee2706a235f14fe7ba
SHA512

15c1eaaf7806c540267e5944852f4363c3bc451cb3089130885558f48d92e9b38a998487f978ac443f2b8c4c436c905ff002a326b183414ac75a59a40609a896
SSDEEP

1536:gtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Ww:g4v4JKXTx71w0ArSsXF3enq8Ww

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 1228	4424	rundll32.exe	82
PID 4424 wrote to memory of 1228	4424	rundll32.exe	82
PID 4424 wrote to memory of 1228	4424	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b78897a87ee776452c994c975fb20510_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b78897a87ee776452c994c975fb20510_NeikiAnalytics.dll,#1
  2⤵
  PID:1228