319ee203d5aa313b27d202c74c19b003defd12e264af3b6e3a2cd699bdaa6c19

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:59

Target

5270c00d530f88e74d62a44cfcada6f0_NeikiAnalytics.dll
Size

81KB
MD5

5270c00d530f88e74d62a44cfcada6f0
SHA1

03b65d65cf43f60bb6664b27760b0aae5b507fce
SHA256

319ee203d5aa313b27d202c74c19b003defd12e264af3b6e3a2cd699bdaa6c19
SHA512

9684f82a6c9212299b63538f18425e01528e6fb2c7b9a241139f398c8ba96f720ab789e601c775def7f2f731ad99347609b40d276d0cc4ccd111f807625c1aa7
SSDEEP

1536:stByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wl:s4v4JKXTx71w0ArSsXF3enq8Wl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3588 wrote to memory of 2920	3588	rundll32.exe	rundll32.exe
PID 3588 wrote to memory of 2920	3588	rundll32.exe	rundll32.exe
PID 3588 wrote to memory of 2920	3588	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5270c00d530f88e74d62a44cfcada6f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3588

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5270c00d530f88e74d62a44cfcada6f0_NeikiAnalytics.dll,#1
2⤵
PID:2920