2cd406403a0bb9a1a0210a4a4b376ebc22e04b58c9410793c76b2fe78a6f72f9

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 06:55

Target

9f5f2fc791f9d282ba243d2d22adc250_NeikiAnalytics.dll
Size

6KB
MD5

9f5f2fc791f9d282ba243d2d22adc250
SHA1

6139a2916be268528fc856f5eb7537e21cdbedfb
SHA256

2cd406403a0bb9a1a0210a4a4b376ebc22e04b58c9410793c76b2fe78a6f72f9
SHA512

f194710026b9ba4c50319b44f53dc74816d44ec5c896bbb3387195c95f434df4446f8e80f76e9942a3161163804b2381bc0620d2d0699f194bec9681cf60e72e
SSDEEP

96:hy859x0P8MareU9tHYEH/I0htbDtpFrP4FqgaZ99//592mGkY6pDUsC:F5oLieUD4EH/I0hFFT4FtaZr//5I0y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 4488	1780	rundll32.exe	83
PID 1780 wrote to memory of 4488	1780	rundll32.exe	83
PID 1780 wrote to memory of 4488	1780	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f5f2fc791f9d282ba243d2d22adc250_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f5f2fc791f9d282ba243d2d22adc250_NeikiAnalytics.dll,#1
  2⤵
  PID:4488