d62c80a11d2aabbed2caf4472c33613b961c7e981c2cd3860aaaea15050617b7

Analysis

max time kernel
130s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:59

Target

679a3d09c0623d58d08d3ea071ca1820_NeikiAnalytics.dll
Size

5KB
MD5

679a3d09c0623d58d08d3ea071ca1820
SHA1

440f0021f66015f516e29a6178fd605435e1b695
SHA256

d62c80a11d2aabbed2caf4472c33613b961c7e981c2cd3860aaaea15050617b7
SHA512

28b6f0d26d237c2c29005c5b380e62eb720a5a29893790fce421b425872fe16a643bfeff9cf56abd6fb43046c6e34211b45f1493607a660f03bbe487261c9043
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqF25vRno/ShEy8+mtkim+ftPoPvjOoqjYS1:hy859x0P8MaFkMSeyDim+Vga4SJi0cE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4736 wrote to memory of 4036	4736	rundll32.exe	rundll32.exe
PID 4736 wrote to memory of 4036	4736	rundll32.exe	rundll32.exe
PID 4736 wrote to memory of 4036	4736	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\679a3d09c0623d58d08d3ea071ca1820_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\679a3d09c0623d58d08d3ea071ca1820_NeikiAnalytics.dll,#1
2⤵
PID:4036