cc3938a29a21551e74d077ffef508dd8d79bd6c25ead241b59df5a9c41725389

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 23:05

Target

22d99ae4b92bd93a5c5adabbb6db3a40_NeikiAnalytics.dll
Size

81KB
MD5

22d99ae4b92bd93a5c5adabbb6db3a40
SHA1

9212e4425721618234afaac180dbcb3d8a24e737
SHA256

cc3938a29a21551e74d077ffef508dd8d79bd6c25ead241b59df5a9c41725389
SHA512

c05a8070ce2739436e4bd6fefadfc7f4cdb6dab64c1cf9d55b64fd8d028be2e9a31a882120ea8b20b128751fbd78919b8dbc8b2a58c6dcac1daac7a855fcb5ab
SSDEEP

1536:CtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Ww:C4v4JKXTx71w0ArSsXF3enq8Ww

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 4852	3336	rundll32.exe	83
PID 3336 wrote to memory of 4852	3336	rundll32.exe	83
PID 3336 wrote to memory of 4852	3336	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22d99ae4b92bd93a5c5adabbb6db3a40_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22d99ae4b92bd93a5c5adabbb6db3a40_NeikiAnalytics.dll,#1
  2⤵
  PID:4852