b502f8a34812761bc73f22a9fa2c778a1aa0a8b610cc6d78dbe6023bb65ab45f

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 02:44

Target

5557347b1b7483143efae9c28f10d930_NeikiAnalytics.dll
Size

349KB
MD5

5557347b1b7483143efae9c28f10d930
SHA1

eb096a059dc4d6c22783695fb81f1b07633583c2
SHA256

b502f8a34812761bc73f22a9fa2c778a1aa0a8b610cc6d78dbe6023bb65ab45f
SHA512

cb718c7579f83cc9f4952856af2f52ed37277c35b9f1427b5be9491d71b9453293762c3705231ec894d6a301bf23d7a14ed4f51b2552f88eb04091c42005288c
SSDEEP

6144:xmWDVahPevzRCvi3gYy2JZjU9Y8U8HzmYsAZGY1IUKKkWTBYb6YEc:xmWMhPevzRCviQcZjC88Hzhs4GLVKkW1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 1312	2724	rundll32.exe	83
PID 2724 wrote to memory of 1312	2724	rundll32.exe	83
PID 2724 wrote to memory of 1312	2724	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5557347b1b7483143efae9c28f10d930_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5557347b1b7483143efae9c28f10d930_NeikiAnalytics.dll,#1
  2⤵
  PID:1312