1b7b22eedcc24c42d10ab75906fbcebc434ec49d321951f635aefc076c3adf03

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 01:14

Target

1b7b22eedcc24c42d10ab75906fbcebc434ec49d321951f635aefc076c3adf03_NeikiAnalytics.dll
Size

923KB
MD5

81e1fe023656ce2147a226a0d8afdc10
SHA1

f8340e3d71d3ea8155732782f7851a7ce4d78e34
SHA256

1b7b22eedcc24c42d10ab75906fbcebc434ec49d321951f635aefc076c3adf03
SHA512

51626c176e702b6adfb98a1871cabd7b42c2c436d419e73fc9cb0887de997ea958ee3d1bd9ec7ec9ba66c26183a846fb394fe5b9855f21bbf1195c4fd25d350f
SSDEEP

24576:qIF33ebo2hyykBmvBgB8Ve9yu2U0EDFTC3jZ:q7gBH2UJFTC3jZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 3888	2880	rundll32.exe	82
PID 2880 wrote to memory of 3888	2880	rundll32.exe	82
PID 2880 wrote to memory of 3888	2880	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b7b22eedcc24c42d10ab75906fbcebc434ec49d321951f635aefc076c3adf03_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b7b22eedcc24c42d10ab75906fbcebc434ec49d321951f635aefc076c3adf03_NeikiAnalytics.dll,#1
  2⤵
  PID:3888