937f0b88253a278f23b71b261cec540233b950069fb3f677ecc803aa9b6c432e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:13

Target

757c80496c40beca832db11e5f398970_NeikiAnalytics.dll
Size

6KB
MD5

757c80496c40beca832db11e5f398970
SHA1

7383f5cf206d37b0bcd33111fe33cdfa73c95a53
SHA256

937f0b88253a278f23b71b261cec540233b950069fb3f677ecc803aa9b6c432e
SHA512

9083a250441d6208448a35fbc20e9a2af0fdbf85e8fb4f945199b010ca8493a60ea71a59e1e323db842a756cab991c6543a74a7a82d7832edcfbafadf0859d65
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIhlgfcUBbKS+XDxC714k2n/4ufMtjLINIF:unSR6bgYZE/Q71liAXM2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3376 wrote to memory of 2796	3376	rundll32.exe	rundll32.exe
PID 3376 wrote to memory of 2796	3376	rundll32.exe	rundll32.exe
PID 3376 wrote to memory of 2796	3376	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\757c80496c40beca832db11e5f398970_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3376

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\757c80496c40beca832db11e5f398970_NeikiAnalytics.dll,#1
2⤵
PID:2796