98cf4c3d0a8e456e0a31206e4cddeaf5b750088c0c3af1895665d744936eb329

Analysis

max time kernel
138s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 18:03

Target

98cf4c3d0a8e456e0a31206e4cddeaf5b750088c0c3af1895665d744936eb329_NeikiAnalytics.dll
Size

6KB
MD5

1d01f0070ff778f8d54db9f4682fe890
SHA1

8b58f73208ba36e44a2db6236af7c005425a0df1
SHA256

98cf4c3d0a8e456e0a31206e4cddeaf5b750088c0c3af1895665d744936eb329
SHA512

95983fa50a2ee4353bcd154ade426b35e3f06da6fc17bb2ecb539bd8b554e04bf1301a2d3e0582d7262cc84dc68a73894e4bca76cd01c2a15347bb9317427b92
SSDEEP

96:nEY2RrF1eqwi4xUwYX0UlS78/k17M/mL:EHRh1eppxUwyL88k1+mL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 3836	1108	rundll32.exe	82
PID 1108 wrote to memory of 3836	1108	rundll32.exe	82
PID 1108 wrote to memory of 3836	1108	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98cf4c3d0a8e456e0a31206e4cddeaf5b750088c0c3af1895665d744936eb329_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98cf4c3d0a8e456e0a31206e4cddeaf5b750088c0c3af1895665d744936eb329_NeikiAnalytics.dll,#1
  2⤵
  PID:3836