25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 00:43

Target

25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff_NeikiAnalytics.dll
Size

325KB
MD5

8b217a8e87b4b0408aca33b325935970
SHA1

02f981f7bc2ad30caef25e8d8682d2600c0ddc91
SHA256

25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff
SHA512

312b3ad3535574ffc1f88ed8d9fc1cc35e25fb4639de90cfc37239f64eeb0c640381d7910991a3e92a28f51892a23fbb86cfc89616c316700a448c1f43985d8d
SSDEEP

6144:gLxclrMwyZy5l/Jt1d/7wNXd5oCX1MYDdaRv21j9Rl1NnNf+b3wG7h+ALvQ:wyrM1MhTUXlFcSj3lpfuYW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 2324	5036	rundll32.exe	83
PID 5036 wrote to memory of 2324	5036	rundll32.exe	83
PID 5036 wrote to memory of 2324	5036	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff_NeikiAnalytics.dll,#1
  2⤵
  PID:2324