51858680311d189fc0395d23e19083a1c7092f8fb2f06ddb5f351e0826036ca1

Analysis

max time kernel
90s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 11:11

Target

7714e3d5db8b5f3dbcbf0d1b7c6a68b0_NeikiAnalytics.dll
Size

759KB
MD5

7714e3d5db8b5f3dbcbf0d1b7c6a68b0
SHA1

d7c764023ab6cba7c2fcd0795b04a30017ee9b30
SHA256

51858680311d189fc0395d23e19083a1c7092f8fb2f06ddb5f351e0826036ca1
SHA512

1b21460461f72609839d38012056181cf2e44b74905392ce0a44d20fa892257d8ff2506989094cd27b55bef065974a6b29797b3a66ed04d6fd446bc3a71b128c
SSDEEP

6144:n3OZWTgdzel31r0EOHe1bTmSy0s3dm8pdE58jcnzBBYa2+Cdy1cR9y21owiN94vx:nWQgYrr0EOHfoR58InXAF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3620	2416	rundll32.exe	86
PID 2416 wrote to memory of 3620	2416	rundll32.exe	86
PID 2416 wrote to memory of 3620	2416	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7714e3d5db8b5f3dbcbf0d1b7c6a68b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7714e3d5db8b5f3dbcbf0d1b7c6a68b0_NeikiAnalytics.dll,#1
  2⤵
  PID:3620