3a52fe54c9c80c508dbbdef7f066f55b473cb4d00b8fc74e6e1dbe24ebd05a2d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 08:11

Target

93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll
Size

5KB
MD5

93f27251de83baa23533e5ad381ee350
SHA1

fb519bdd30cb03346f40a0a33fe11bb2dd0f67e8
SHA256

3a52fe54c9c80c508dbbdef7f066f55b473cb4d00b8fc74e6e1dbe24ebd05a2d
SHA512

6a49bf1ce43804bcc419faaa0ce96040c893fcc795c74f4db34d57bde26341b0af71e88b8e69a81476fc22dd8c8e8b400126d077d12819fa9ff8a524caa7c7a2
SSDEEP

96:hy859x0P8MapRKLEdnYGE12klwUrU7KiYOvPdEm:F5oL40sYGnkJKKO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 2660	8	rundll32.exe	83
PID 8 wrote to memory of 2660	8	rundll32.exe	83
PID 8 wrote to memory of 2660	8	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll,#1
  2⤵
  PID:2660