26f209e987cc7815fd53153e4700fc74ba36e615e8a84082206841dd1899c163

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 07:23

Target

f66960057f37faa5c655881e6798fa10_NeikiAnalytics.dll
Size

81KB
MD5

f66960057f37faa5c655881e6798fa10
SHA1

eccd371d4315803bf98010ee292cdfcb0d1d862d
SHA256

26f209e987cc7815fd53153e4700fc74ba36e615e8a84082206841dd1899c163
SHA512

e78d1e7b8f632417dc04ce30a2dcae07cb7b6af87e1cb8c8db4cae0477825a639b02fb08d3caada1af5418d5613529fdb37f9936ada239b0e980dfcf72e7a385
SSDEEP

1536:WtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wn:W4v4JKXTx71w0ArSsXF3enq8Wn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4676	4900	rundll32.exe	82
PID 4900 wrote to memory of 4676	4900	rundll32.exe	82
PID 4900 wrote to memory of 4676	4900	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f66960057f37faa5c655881e6798fa10_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f66960057f37faa5c655881e6798fa10_NeikiAnalytics.dll,#1
  2⤵
  PID:4676