fc1cd3251f4760740c7af80486ee05aebdccef7ac5efc54e8825646f509b1834

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:09

Target

1427063ef31063c82f92c2621daab920_NeikiAnalytics.dll
Size

81KB
MD5

1427063ef31063c82f92c2621daab920
SHA1

0e4c97189324208a93aa678a7b7d829f8f55ce4f
SHA256

fc1cd3251f4760740c7af80486ee05aebdccef7ac5efc54e8825646f509b1834
SHA512

e02920d0148c9acf54b844feb4247655b99407f2af2d978803a75716668253cbd3a25dfacdde0a7fecce4493768a5e9c73520f8a73b0d977c3601c02ed184824
SSDEEP

1536:KtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WA:K4v4JKXTx71w0ArSsXF3enq8WA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3192 wrote to memory of 3068	3192	rundll32.exe	rundll32.exe
PID 3192 wrote to memory of 3068	3192	rundll32.exe	rundll32.exe
PID 3192 wrote to memory of 3068	3192	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1427063ef31063c82f92c2621daab920_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1427063ef31063c82f92c2621daab920_NeikiAnalytics.dll,#1
2⤵
PID:3068