fa23e126f548fb2f805f73acf236f9499621a036858d5e54320bde96d57ef413

Analysis

max time kernel
133s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:05

Target

3b6e30fe35839208838ca7579b9b7090_NeikiAnalytics.dll
Size

5KB
MD5

3b6e30fe35839208838ca7579b9b7090
SHA1

89aac6f152fd8dbca4182b7f095e85a49ada0ab1
SHA256

fa23e126f548fb2f805f73acf236f9499621a036858d5e54320bde96d57ef413
SHA512

83227ea71cf56b2b37827150b9828023f954ebb326c05b3db8d36c97e2ff023218cc4dbb2cd32d31fa5c9f0f2bbcecff7c4e16b25597567e7e11052b01545d6e
SSDEEP

96:hy859x0P8Ma45FgpG/xvkAvkQO43EzJkUG:F5oLX5mU/tkAvDO43EzJq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2540 wrote to memory of 1988	2540	rundll32.exe	rundll32.exe
PID 2540 wrote to memory of 1988	2540	rundll32.exe	rundll32.exe
PID 2540 wrote to memory of 1988	2540	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b6e30fe35839208838ca7579b9b7090_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b6e30fe35839208838ca7579b9b7090_NeikiAnalytics.dll,#1
  2⤵
  PID:1988