8b07af7967bee4f2924af1be2108b2a79fca4892da3027afcb240b9aa2cbcdf9

Analysis

max time kernel
92s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 00:44

Target

8ed017c6848bd940df609ef72d740c00_NeikiAnalytics.dll
Size

6KB
MD5

8ed017c6848bd940df609ef72d740c00
SHA1

a25112c00d2e6a23ab83af8f4f68c4fdb0c00fce
SHA256

8b07af7967bee4f2924af1be2108b2a79fca4892da3027afcb240b9aa2cbcdf9
SHA512

55de05a8fe049dbe69477f87b4ed4f8c9a9a75a0481ba496fe18c7fabfa1f5cfa8dab9d9febff25be91abc46ee88acce4d1171cfaf77fe2e728aabbb9923d64c
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIVisHX2sSsvWYoxess3Slnao5L:unSR6bgYgXbollx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 2284	1060	rundll32.exe	84
PID 1060 wrote to memory of 2284	1060	rundll32.exe	84
PID 1060 wrote to memory of 2284	1060	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ed017c6848bd940df609ef72d740c00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ed017c6848bd940df609ef72d740c00_NeikiAnalytics.dll,#1
  2⤵
  PID:2284