48c36f8cfb0145b8eaef99cb8819924e1b67c460a64b8b0cfbf476a3c72f8cbb

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 09:20

Target

d305dbbc42b1fdc5deed032adc731d70_NeikiAnalytics.dll
Size

7KB
MD5

d305dbbc42b1fdc5deed032adc731d70
SHA1

f4e098a8f47eb27098ea425538cbfcf8e252e77b
SHA256

48c36f8cfb0145b8eaef99cb8819924e1b67c460a64b8b0cfbf476a3c72f8cbb
SHA512

60baf80735049a9912625da25348cad005636fd47a43c7cad802757077c729181212d1e7cf10a67956a36fa4b4e665bc32779f647f51d32670c7e280fb1c4a3f
SSDEEP

96:Hxvtj+jhjvj3jcZGOiI0Eg6pO4JAub2z/Wk3deTGt:H5t6djbgYRpCPZb2iEuo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4380	2452	rundll32.exe	82
PID 2452 wrote to memory of 4380	2452	rundll32.exe	82
PID 2452 wrote to memory of 4380	2452	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d305dbbc42b1fdc5deed032adc731d70_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d305dbbc42b1fdc5deed032adc731d70_NeikiAnalytics.dll,#1
  2⤵
  PID:4380