f0a15a0f266cb51c457ea808563ab99d0aed4224ed41eaa7902c082be339b804

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 15:49

Target

430fb63e95bc43c90a07d52efaccd0e0_NeikiAnalytics.dll
Size

1.0MB
MD5

430fb63e95bc43c90a07d52efaccd0e0
SHA1

3b0a4e5149e3606880c284ce69e41b3fb880e25f
SHA256

f0a15a0f266cb51c457ea808563ab99d0aed4224ed41eaa7902c082be339b804
SHA512

aecb5c7ba9676b91341ebcd2a942e406d76eb8419397cca363f9e59e157506f672498f94d1e4dfed5765abc802d5c2f95484e3f862a3779daf35dbfc5e7dd93d
SSDEEP

12288:N7bE2CH0lXtMnZO9IZkNAcpCG5MN24FoQ4H5M1qHcMZAOFZQ3K8ZkuOotnVx:NlCHyt4O9gcpPMNVqe1q8MeOBfw/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 1368	2096	rundll32.exe	83
PID 2096 wrote to memory of 1368	2096	rundll32.exe	83
PID 2096 wrote to memory of 1368	2096	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\430fb63e95bc43c90a07d52efaccd0e0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\430fb63e95bc43c90a07d52efaccd0e0_NeikiAnalytics.dll,#1
  2⤵
  PID:1368