192b1cd57a82b36e120dda4eb7432be85076859085ccd402c893cc33709a5109

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:13

Target

548e80bc5177aa1a7afeb2ce58012940_NeikiAnalytics.dll
Size

81KB
MD5

548e80bc5177aa1a7afeb2ce58012940
SHA1

1a9cfbdd0e280a12699271654bd412ee92d7e544
SHA256

192b1cd57a82b36e120dda4eb7432be85076859085ccd402c893cc33709a5109
SHA512

79c88fe0287461555e0a5b2fd0244afc6e5378db02c51a844a20a69276e0cc43d50115cc8dd9e81f758eb3505cb403c260f80995263da8bb3239afde46e839d0
SSDEEP

1536:ZtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W/:Z4v4JKXTx71w0ArSsXF3enq8W/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1416 wrote to memory of 2748	1416	rundll32.exe	rundll32.exe
PID 1416 wrote to memory of 2748	1416	rundll32.exe	rundll32.exe
PID 1416 wrote to memory of 2748	1416	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\548e80bc5177aa1a7afeb2ce58012940_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\548e80bc5177aa1a7afeb2ce58012940_NeikiAnalytics.dll,#1
2⤵
PID:2748