47f036f4b1cecb60138ffbe67100aac925a236d5c1f3a44134cf495da369047e

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 12:55

Target

d2f5ff7be353e1b87c55a5cb00a18d90_NeikiAnalytics.dll
Size

81KB
MD5

d2f5ff7be353e1b87c55a5cb00a18d90
SHA1

90e206901b6c39af8d0487b1d6a9e93e245cd415
SHA256

47f036f4b1cecb60138ffbe67100aac925a236d5c1f3a44134cf495da369047e
SHA512

bcb2745bf0c27a0d31b2bc8267673d4e5e30eda578f088793989387cb283808b31eb8b6d04254043aa4baa3512062e929e8c729fc05417b30be732f870751aa0
SSDEEP

1536:YByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WP:Fv4JKXTx71wnArSsXFpeXq8WP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 660	4732	rundll32.exe	82
PID 4732 wrote to memory of 660	4732	rundll32.exe	82
PID 4732 wrote to memory of 660	4732	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2f5ff7be353e1b87c55a5cb00a18d90_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2f5ff7be353e1b87c55a5cb00a18d90_NeikiAnalytics.dll,#1
  2⤵
  PID:660