69a6a0f5b5ecb447ddc528327a5a66f73124642d19d8d3ede231b380d6df2d3f

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 13:44

Target

69a6a0f5b5ecb447ddc528327a5a66f73124642d19d8d3ede231b380d6df2d3f_NeikiAnalytics.dll
Size

34KB
MD5

52cd0e5ae8ae07c02c3f7d72b9c89c40
SHA1

31f81f122a9962a3c4f7e18d5e89e06da012bc7f
SHA256

69a6a0f5b5ecb447ddc528327a5a66f73124642d19d8d3ede231b380d6df2d3f
SHA512

c27385c7b0273879b943cba555113fff5c0ae5953e61fa9b3a58d12b3875760b309605cc3dcf660641714571a05f6accaef4a234df4c94926fcd5da4cf2e33ed
SSDEEP

768:O0ZQsFFb9coQJzyrtwKEN4mkCdHsrYhqpgYHbn1:OWQYEoyzGCKEN4mkYHsrNHR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 4460	4684	rundll32.exe	81
PID 4684 wrote to memory of 4460	4684	rundll32.exe	81
PID 4684 wrote to memory of 4460	4684	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\69a6a0f5b5ecb447ddc528327a5a66f73124642d19d8d3ede231b380d6df2d3f_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\69a6a0f5b5ecb447ddc528327a5a66f73124642d19d8d3ede231b380d6df2d3f_NeikiAnalytics.dll,#1
  2⤵
  PID:4460