2ec96840d287bf4443871026e236033b5eb485fef60fe574bc33895f3f1dea8e

Analysis

max time kernel
136s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 07:56

Target

40e6fead36dd3be9b4aeab4d18b335b0_NeikiAnalytics.dll
Size

116KB
MD5

40e6fead36dd3be9b4aeab4d18b335b0
SHA1

4085ca010bd3bc1f10fddc77b4e344fb9069732c
SHA256

2ec96840d287bf4443871026e236033b5eb485fef60fe574bc33895f3f1dea8e
SHA512

6abd1d420da0d2163058cb1728ac06224533e0c10be5ebbddb6703900fef9bf55ee8e3e6ef543af2d17bcfe73073bcf67df9c0d6c3db8f4add006103aa6ccf06
SSDEEP

1536:PTHPQ952cX3O5/pJ1/H+OzHd7fPrMak4axZR:rPQ952BxfPrMaKZR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 2180	968	rundll32.exe	82
PID 968 wrote to memory of 2180	968	rundll32.exe	82
PID 968 wrote to memory of 2180	968	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e6fead36dd3be9b4aeab4d18b335b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e6fead36dd3be9b4aeab4d18b335b0_NeikiAnalytics.dll,#1
  2⤵
  PID:2180