3700cffbc5db8999014e01302e9e56f4363ab8d5ddac1df6a35c0abec487c756

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 06:08

Target

67a075bf474ec69c23fb1def8b43b1d0_NeikiAnalytics.dll
Size

5KB
MD5

67a075bf474ec69c23fb1def8b43b1d0
SHA1

97643951cc23189dcda1c4d8039ce5b181521a3d
SHA256

3700cffbc5db8999014e01302e9e56f4363ab8d5ddac1df6a35c0abec487c756
SHA512

15c9fed76313f8575cc6dd84b3faad145ef160bcb2136bb8edb0ae00dc8b803abcb557160be8f45eebee14f23372cc4bf88d7abe8dfff7f044efde95953e7615
SSDEEP

48:SWkO0IoyTnXz+ihZjok5nVN4DeGCGXT/uPeIwOdWwXAX0xeWGmmQ0z4:ZJTnXzvoktVNe5CGytWwzgWAs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 3256	804	rundll32.exe	83
PID 804 wrote to memory of 3256	804	rundll32.exe	83
PID 804 wrote to memory of 3256	804	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67a075bf474ec69c23fb1def8b43b1d0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67a075bf474ec69c23fb1def8b43b1d0_NeikiAnalytics.dll,#1
  2⤵
  PID:3256