3432c01e1e31f5e83c7c373b2305490c77751a390ea42444e64a85f44f1ebf01

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 22:00

Target

71bd9fc94f34c70345a192f1a54fcdc0_NeikiAnalytics.dll
Size

135KB
MD5

71bd9fc94f34c70345a192f1a54fcdc0
SHA1

09398796f3e3ffac828fd48bcdabadaeb5b242d5
SHA256

3432c01e1e31f5e83c7c373b2305490c77751a390ea42444e64a85f44f1ebf01
SHA512

5314231b3406294b4dd98be0ac9fd37f682d5b28c8b2419453b6238f910018f05d588dbb8f5c773aa9a9fae65e4ac4dccc3af1b68f6504e2e536eb536ad73cc5
SSDEEP

1536:s7HrZtZ6sR8bl+fp1STKlbm29jKfu8/QkXTMnbB3JJmn67FoIuA76L2:UdLoblxml6yjiumTC3JJmn67FoIB76

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 4788	1228	rundll32.exe	82
PID 1228 wrote to memory of 4788	1228	rundll32.exe	82
PID 1228 wrote to memory of 4788	1228	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71bd9fc94f34c70345a192f1a54fcdc0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\71bd9fc94f34c70345a192f1a54fcdc0_NeikiAnalytics.dll,#1
  2⤵
  PID:4788