297c134ba6c023c6732e2e5ad784150ece9d92a738141bf3745370a610d57790

Analysis

max time kernel
134s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 20:51

Target

0d05c242299e96780eed330da885b900_NeikiAnalytics.dll
Size

81KB
MD5

0d05c242299e96780eed330da885b900
SHA1

e437cefbb950c4d79d728b7345da3a191eee19c2
SHA256

297c134ba6c023c6732e2e5ad784150ece9d92a738141bf3745370a610d57790
SHA512

725d3a10bb5907866e058ca76131d0ec98a4fc246ce89b205343a5abf1f71aff9b21aa811023138ed64f6a34609c751372244046d11b89523a91b55da7aa8c8c
SSDEEP

1536:kc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+Gr:b+5oxmqAiR8+/RBkez0U+4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4512 wrote to memory of 4540	4512	rundll32.exe	rundll32.exe
PID 4512 wrote to memory of 4540	4512	rundll32.exe	rundll32.exe
PID 4512 wrote to memory of 4540	4512	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d05c242299e96780eed330da885b900_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d05c242299e96780eed330da885b900_NeikiAnalytics.dll,#1
2⤵
PID:4540