1d3b4b32174ed915c16f2b008affb5be7dda55181dfe8331463d693a3e2016c7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 06:28

Target

5d5234fdeeebcfd3ab4940e1a43e9e00_NeikiAnalytics.dll
Size

81KB
MD5

5d5234fdeeebcfd3ab4940e1a43e9e00
SHA1

d7b5a06b405341bf9c29f128d719038dcb90978e
SHA256

1d3b4b32174ed915c16f2b008affb5be7dda55181dfe8331463d693a3e2016c7
SHA512

9034bca10a8b88b6d270dea35b877ef6ee6a4239e46f19ccf36423ba1e488d3a1c3d179609b64c419c82b612da4cf3e2c4a575871afad09de772e7f47c8b2d9d
SSDEEP

1536:TtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wv:T4v4JKXTx71w0ArSsXF3enq8Wv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 4588	3460	rundll32.exe	83
PID 3460 wrote to memory of 4588	3460	rundll32.exe	83
PID 3460 wrote to memory of 4588	3460	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d5234fdeeebcfd3ab4940e1a43e9e00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d5234fdeeebcfd3ab4940e1a43e9e00_NeikiAnalytics.dll,#1
  2⤵
  PID:4588