781f9e10f6fadd51087880c68cc1f7d3c187d52e926f418a2fc75c98ff351152

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 03:25

Target

987ce87227a205b7706c9cb19afcfcd0_NeikiAnalytics.dll
Size

81KB
MD5

987ce87227a205b7706c9cb19afcfcd0
SHA1

9849d66886017e0b28b2ec7f9b8d672888ffad3d
SHA256

781f9e10f6fadd51087880c68cc1f7d3c187d52e926f418a2fc75c98ff351152
SHA512

ef355857f02116cd5526789abc3a18f9b816ad969344e3e8b2300c837d4836470e1ac535976342e67db20884478cf3eeb8e3cf51a7f9473e891115504acb5e35
SSDEEP

1536:KtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wx:K4v4JKXTx71w0ArSsXF3enq8Wx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 4604	1376	rundll32.exe	83
PID 1376 wrote to memory of 4604	1376	rundll32.exe	83
PID 1376 wrote to memory of 4604	1376	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\987ce87227a205b7706c9cb19afcfcd0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\987ce87227a205b7706c9cb19afcfcd0_NeikiAnalytics.dll,#1
  2⤵
  PID:4604