4709788ebc402eb5633f66d9c534b14b3ceb09a738b3f6b8011affe755bf1f2f

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 03:42

Target

4709788ebc402eb5633f66d9c534b14b3ceb09a738b3f6b8011affe755bf1f2f_NeikiAnalytics.dll
Size

156KB
MD5

bf448e6fed9a08c3f4fe1bfc6fb6fa70
SHA1

2893efec58eea8bf8fa2ddd26846723943fa8466
SHA256

4709788ebc402eb5633f66d9c534b14b3ceb09a738b3f6b8011affe755bf1f2f
SHA512

55562ed5f6c2d4f81fbbb3c9e9f170fbc49a3c16c274be645c4029e6ddf4a63f731a847db84d75e2f8ab67b8e8ca9e3a84c6d7eb1be6784c58ab005d6bb622ac
SSDEEP

3072:z38XBrwkaz8oGuRLMoIgt8OPHq0tCsE/MJFOySlpQ2w+M:z3m5wDzhGwLMF4qtPukQ/+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 4048	1532	rundll32.exe	83
PID 1532 wrote to memory of 4048	1532	rundll32.exe	83
PID 1532 wrote to memory of 4048	1532	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4709788ebc402eb5633f66d9c534b14b3ceb09a738b3f6b8011affe755bf1f2f_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4709788ebc402eb5633f66d9c534b14b3ceb09a738b3f6b8011affe755bf1f2f_NeikiAnalytics.dll,#1
  2⤵
  PID:4048