241ef2f77c3857cd0a70adeb49d5da9f24af0ec061ff196fa1ab5263a2cfce0e

Analysis

max time kernel
130s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 12:33

Target

deb21a7d40135d8f895fe2c0de65f500_NeikiAnalytics.dll
Size

6KB
MD5

deb21a7d40135d8f895fe2c0de65f500
SHA1

e8b290e0dd7c2cc308506f7217b6100f1f0fe597
SHA256

241ef2f77c3857cd0a70adeb49d5da9f24af0ec061ff196fa1ab5263a2cfce0e
SHA512

a15454ceb11b5c88b785c173c0fffc3b9e706caf7d9ccff16a1588e6d490fa48e06f1b126725ef89cc0e45dda6c6553e9c500fcebe4dbb4e74b2554e5dc08ac1
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqCMmPjdW5l5+av2kI4C4rxPdusFwmw9CGmT:hy859x0P8MaP4+vkkGMG3OWGPv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3716	2692	rundll32.exe	82
PID 2692 wrote to memory of 3716	2692	rundll32.exe	82
PID 2692 wrote to memory of 3716	2692	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\deb21a7d40135d8f895fe2c0de65f500_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\deb21a7d40135d8f895fe2c0de65f500_NeikiAnalytics.dll,#1
  2⤵
  PID:3716