ccda949b044099113bcf0a85379889b4fb43399bf7981fcadfc253172c375921

Analysis

max time kernel
129s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 03:56

Target

75face19a1a74adf813d50b298498f10_NeikiAnalytics.dll
Size

111KB
MD5

75face19a1a74adf813d50b298498f10
SHA1

619383a367720c19604fbbb28378d32982671d65
SHA256

ccda949b044099113bcf0a85379889b4fb43399bf7981fcadfc253172c375921
SHA512

63744fe3d7cfbc5c079177b8ea461618e01bcd513fa064d3aedb4ea082365496fcc37025086829d7878108e3e0ea93923257a907b7e7b4e9bbeafe368c99d9a8
SSDEEP

3072:xnL7Ot6WLta8ptY9+GRkor1/z6Sbe+jmsPANf:RAtawtYBzr1WthyANf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 4292	3016	rundll32.exe	82
PID 3016 wrote to memory of 4292	3016	rundll32.exe	82
PID 3016 wrote to memory of 4292	3016	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75face19a1a74adf813d50b298498f10_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\75face19a1a74adf813d50b298498f10_NeikiAnalytics.dll,#1
  2⤵
  PID:4292