061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24

Analysis

max time kernel
51s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 21:33

Target

061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24_NeikiAnalytics.dll
Size

182KB
MD5

f8604ac7b9f2c67a508597b56e9248d0
SHA1

1523d067f74e02ad5c0ccf86239d382141c2e2bb
SHA256

061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24
SHA512

d28bc7817a9eabef8fcb728bd3015830a6f3c436ef170e1578c04a9bfa05e45da3239cf6e94f06647c99ae5c92f40ed809746c11e03307a5c73f3a2006dbefd7
SSDEEP

3072:x2UPVK2sJDBe9h9Sz4U+vLVQKCzCpxaO1x/k6o28y13VZZnrRuCE:x2UPA1DB29Sz41jVQzCXRVk6o28y13Vi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 5052	1344	rundll32.exe	81
PID 1344 wrote to memory of 5052	1344	rundll32.exe	81
PID 1344 wrote to memory of 5052	1344	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24_NeikiAnalytics.dll,#1
  2⤵
  PID:5052