082c2db178f25c2715a4ef21ce1d09f6dd106257476f6b5645b2cddbee0d69e2

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 03:03

Target

1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll
Size

2.0MB
MD5

1bc51fce95f4cb3a644d1d3a71ba9310
SHA1

f6e5178d52e9d6a396a8c9094cdc3a66410880b4
SHA256

082c2db178f25c2715a4ef21ce1d09f6dd106257476f6b5645b2cddbee0d69e2
SHA512

a700a505137f48dfcc52f92c482f5e5906383647b3c416c9b8cde1faabb4f551762972900bac80a6a2e10d85736d70378183e4985bb89c58f9dc3e1604f3e247
SSDEEP

49152:SE/4nJpHABvG0hM1RPFh5ksHQNU8EJq3RtdBi1:HEeURPFhasHQNU8EJqhrBK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 2276	208	rundll32.exe	83
PID 208 wrote to memory of 2276	208	rundll32.exe	83
PID 208 wrote to memory of 2276	208	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll,#1
  2⤵
  PID:2276