98c1895816405b94a8c4d71a37feea7104c1ecdfbfbecb609b9129e8bd2bf284

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 22:41

Target

09a1a4ec65a71b177b1a43cda0d460b0_NeikiAnalytics.dll
Size

158KB
MD5

09a1a4ec65a71b177b1a43cda0d460b0
SHA1

0b6ff856f37a82266c8beff44dc811d06d6c7065
SHA256

98c1895816405b94a8c4d71a37feea7104c1ecdfbfbecb609b9129e8bd2bf284
SHA512

bb9202a93f8880b72a463c7ad3eea9b8d2acb841e718a1dc364655adc56dc2e6149f992a54f754b39ce86536f91d5ff3621d599be0cc66b419b66ab37046cc90
SSDEEP

3072:g1Vvp2awa9G533iNcAHR3Zss/Qay+c1HlOAu5iI:Gvp2a39XR3Os/PqFOA/I

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2244	1636	rundll32.exe	81
PID 1636 wrote to memory of 2244	1636	rundll32.exe	81
PID 1636 wrote to memory of 2244	1636	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09a1a4ec65a71b177b1a43cda0d460b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09a1a4ec65a71b177b1a43cda0d460b0_NeikiAnalytics.dll,#1
  2⤵
  PID:2244