0497220f624afafab860e4077476f4c63c361e79a289049215c9e29ea52d1438

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:20

Target

562275d63de7379a6e951c44bec01d80_NeikiAnalytics.dll
Size

4KB
MD5

562275d63de7379a6e951c44bec01d80
SHA1

9578e63a25342b3e48dab2ec7ec8440dc5e56692
SHA256

0497220f624afafab860e4077476f4c63c361e79a289049215c9e29ea52d1438
SHA512

77184b8f656da2fa538d31ea3fa3dbfd42c986ad9ad86a7eec44795b2a65095e546d5d461e0374ecce0012d536bf3980549a7996c5bf97ca06949eac7f7e3826
SSDEEP

48:SWkO0IoyTnXz+ihZjokubUyvrDNKw9phP1rJUDi77ND8m:ZJTnXzvokCRVR9TRJeYdB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2336 wrote to memory of 5008	2336	rundll32.exe	rundll32.exe
PID 2336 wrote to memory of 5008	2336	rundll32.exe	rundll32.exe
PID 2336 wrote to memory of 5008	2336	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\562275d63de7379a6e951c44bec01d80_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\562275d63de7379a6e951c44bec01d80_NeikiAnalytics.dll,#1
2⤵
PID:5008