33b53f607b88eff9041c71689bc6f092f3d33feebe353fd32cc6e73a91da3484

Analysis

max time kernel
135s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:50

Target

65c1869f6d52b40876f270bbd614b600_NeikiAnalytics.dll
Size

6KB
MD5

65c1869f6d52b40876f270bbd614b600
SHA1

924252a82c69d2134a89afa24ba81fdd2e4165af
SHA256

33b53f607b88eff9041c71689bc6f092f3d33feebe353fd32cc6e73a91da3484
SHA512

e8ea7388e80eaab24ad195721d0837de2cb859f3b48771a8a06c52ed9044c8ede0ea180fcd550ff80e0e2fd589f4e57c03d9b7a0a1a4341c9b3edacaab312521
SSDEEP

96:hy859x0P8MaBE1sX7yvX9epkypqMI/GkSIXEeq9:F5oLFsryv9oKGkvUp9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1432 wrote to memory of 4160	1432	rundll32.exe	rundll32.exe
PID 1432 wrote to memory of 4160	1432	rundll32.exe	rundll32.exe
PID 1432 wrote to memory of 4160	1432	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65c1869f6d52b40876f270bbd614b600_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65c1869f6d52b40876f270bbd614b600_NeikiAnalytics.dll,#1
2⤵
PID:4160