ab2822a7c0c2170c01435bc4f0b007ea76e812d73078431e8e7c58359e1de19d

Analysis

max time kernel
129s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 08:02

Target

4bedfc2ea5783aebe33c5778f6162900_NeikiAnalytics.dll
Size

39KB
MD5

4bedfc2ea5783aebe33c5778f6162900
SHA1

518964463931069fc0e5b53b121a63fe61b8dbe3
SHA256

ab2822a7c0c2170c01435bc4f0b007ea76e812d73078431e8e7c58359e1de19d
SHA512

28e175a1dddaf26b4bb01885a356d5b5ebbe4a0a9156016e8a78560b6ed4837f216335d5bc8f9d548f87e971ffda415bec8c1bd7a556b58fdce20cf67ad4ea2d
SSDEEP

384:tdhp4soBqNPkZN0U9cVjAc1nw8eXzzlzYV4UZJuQsKgGPWjoWQLVx4wl1q//0Gfd:tdb1kZNTyVj98YyIxsPOUf8iPHdz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 380	4592	rundll32.exe	83
PID 4592 wrote to memory of 380	4592	rundll32.exe	83
PID 4592 wrote to memory of 380	4592	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bedfc2ea5783aebe33c5778f6162900_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bedfc2ea5783aebe33c5778f6162900_NeikiAnalytics.dll,#1
  2⤵
  PID:380