5a333fe0f9a54d34bc9822beb49bfbc1713b4616813efb6c77ed37fb6af3b81b

Analysis

max time kernel
130s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 18:39

Target

7d5fbcb05f57b7653906f93ba1f8ede0_NeikiAnalytics.dll
Size

111KB
MD5

7d5fbcb05f57b7653906f93ba1f8ede0
SHA1

0d0ce5183a3e75fd9c2aaa8439b729f38f29f973
SHA256

5a333fe0f9a54d34bc9822beb49bfbc1713b4616813efb6c77ed37fb6af3b81b
SHA512

3ddcbe1c934bc425ccfad60ec10fa324d128fb4306dd0377834afc7ac95121c5d5cd7d5a75880385d559b4f5f80b45a2b87f25e6c4c6f46250a119bb4f42f805
SSDEEP

3072:xnL7Ot6WLta8ptY9+GRkor1/z6Sbe+jmsPANP:RAtawtYBzr1WthyANP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 1472	3100	rundll32.exe	82
PID 3100 wrote to memory of 1472	3100	rundll32.exe	82
PID 3100 wrote to memory of 1472	3100	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d5fbcb05f57b7653906f93ba1f8ede0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d5fbcb05f57b7653906f93ba1f8ede0_NeikiAnalytics.dll,#1
  2⤵
  PID:1472