37fbbe7cd093231b262a95377ad4d136d4f358251f8cfc5d58a5caadbcfdae2d

Analysis

max time kernel
139s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 02:17

Target

7dba51c2499e0f7d5deb44d9e7d7f420_NeikiAnalytics.dll
Size

6KB
MD5

7dba51c2499e0f7d5deb44d9e7d7f420
SHA1

12c3b674d45974fba33360e497781bf79297de53
SHA256

37fbbe7cd093231b262a95377ad4d136d4f358251f8cfc5d58a5caadbcfdae2d
SHA512

ef3ee2ad870b0fd71e422629f3bd257172b45e8f0e89c6719dcda75a9a6a727e687ab2e562a31a0c4c0c1a870513facca62a8dd69366cd587e4eb2bf3db6a13b
SSDEEP

192:JKZc5Y8OI4ujWWIZciPQ6Dj1QQj60Y/D6nz:JKZq/t4ujWWV6L4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 3088	536	rundll32.exe	83
PID 536 wrote to memory of 3088	536	rundll32.exe	83
PID 536 wrote to memory of 3088	536	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7dba51c2499e0f7d5deb44d9e7d7f420_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7dba51c2499e0f7d5deb44d9e7d7f420_NeikiAnalytics.dll,#1
  2⤵
  PID:3088