853098965abea510c51c5d5980f99547415f4ebbebefe3ff3fcc7473fae6a5a2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 20:51

Target

0d22bc169cdf565f6279a6d0ceff5a00_NeikiAnalytics.dll
Size

81KB
MD5

0d22bc169cdf565f6279a6d0ceff5a00
SHA1

242cbf5e4a7496916011e2c5c4b49964ee229f2d
SHA256

853098965abea510c51c5d5980f99547415f4ebbebefe3ff3fcc7473fae6a5a2
SHA512

e9851c24183eb8dfe35d4f56e928a6ea8493a65e05d1218ffbdc323c09beb158f4071ad9c76bb6cc1389a89a6b24f70a80c7df6bcf9a29df38d7621b59013abd
SSDEEP

1536:xtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Ww:x4v4JKXTx71w0ArSsXF3enq8Ww

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 880 wrote to memory of 336	880	rundll32.exe	rundll32.exe
PID 880 wrote to memory of 336	880	rundll32.exe	rundll32.exe
PID 880 wrote to memory of 336	880	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d22bc169cdf565f6279a6d0ceff5a00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:880

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d22bc169cdf565f6279a6d0ceff5a00_NeikiAnalytics.dll,#1
2⤵
PID:336