dba1c68c6baf3cd63ba350e66c5d547762806b82f84a47de8b0eeb98d82bf93e

Analysis

max time kernel
93s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 16:12

Target

b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll
Size

7KB
MD5

b21a84ec87659405410ddcc09c91ef90
SHA1

2f0404bf78971f5cdd89e743e2cfdd3ff8821b68
SHA256

dba1c68c6baf3cd63ba350e66c5d547762806b82f84a47de8b0eeb98d82bf93e
SHA512

f28bde91250f5cc2bb5cb44915710df76947bfc0c5980a2d01ea4fafbafae1a77c6cc02d18c937342edc604ffc053731b65b1facb18453bcb8df15c43dd9b74d
SSDEEP

192:unSR6bgYnjkHxvxt6ruzLtkeZCuZDOg828szvbv:uZAx24zZCuZD+9Wbv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 940	2836	rundll32.exe	84
PID 2836 wrote to memory of 940	2836	rundll32.exe	84
PID 2836 wrote to memory of 940	2836	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll,#1
  2⤵
  PID:940