afb84f1995c32b3a0fb72a76560a9577849bebc9a7a376afb2ee8d9b46b06398

Analysis

max time kernel
94s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 18:51

Target

af129b9cbe5c9ca2450a54978711caf0_NeikiAnalytics.dll
Size

71KB
MD5

af129b9cbe5c9ca2450a54978711caf0
SHA1

c6da862d7add5e604893c9b9294d8bb5c44b51b5
SHA256

afb84f1995c32b3a0fb72a76560a9577849bebc9a7a376afb2ee8d9b46b06398
SHA512

dab7509043b6dfb1b0111e9bdce5f831e58da8145759cb646bf2be6cb1241b5049fc2f1820a39743a18843282c87b7fda8bcff070ac9b0364c77f0c03d437101
SSDEEP

1536:AsNATdVAMim8XBqgHgGvYYuOSSO9GDeSZSK5Uz:jATduMyxAguXn9GDZSK5Uz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 3956	3996	rundll32.exe	84
PID 3996 wrote to memory of 3956	3996	rundll32.exe	84
PID 3996 wrote to memory of 3956	3996	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af129b9cbe5c9ca2450a54978711caf0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af129b9cbe5c9ca2450a54978711caf0_NeikiAnalytics.dll,#1
  2⤵
  PID:3956