c2d4d78422ce67e277dda7e9d3cd6b8e6da2af292ea1678b1204eda5c09eab8d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 09:39

Target

d6a9e3684b85df1363193e2c1ee41760_NeikiAnalytics.dll
Size

6KB
MD5

d6a9e3684b85df1363193e2c1ee41760
SHA1

058ced92876954af990e3096560dbed338fe768c
SHA256

c2d4d78422ce67e277dda7e9d3cd6b8e6da2af292ea1678b1204eda5c09eab8d
SHA512

b6062673a94e9212d79d30072cf94e7218b6325566a5ef80fff93cbac21d733f548fa207b7c6d9f831a018bdd80ceec2a24b1a6aa30163051946c3aa489c054e
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0CB+BDq9J5SH:VDa9VUX9bQWiB+FqX5SH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 1328	932	rundll32.exe	82
PID 932 wrote to memory of 1328	932	rundll32.exe	82
PID 932 wrote to memory of 1328	932	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6a9e3684b85df1363193e2c1ee41760_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6a9e3684b85df1363193e2c1ee41760_NeikiAnalytics.dll,#1
  2⤵
  PID:1328