49b1de34be7d763ff84afcef4edbc0d1ec95c1dddf5023ab0ab2d1bcfd0f0cd6

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 04:06

Target

49b1de34be7d763ff84afcef4edbc0d1ec95c1dddf5023ab0ab2d1bcfd0f0cd6_NeikiAnalytics.dll
Size

51KB
MD5

c6c83a5986eaea372c4ed6d8455c3230
SHA1

0a30e2f42503b1c6d1665f75142815edab0d20d1
SHA256

49b1de34be7d763ff84afcef4edbc0d1ec95c1dddf5023ab0ab2d1bcfd0f0cd6
SHA512

39cf9c35bd238fa3feb418d54fa24d9c3bd99abfabfda96d76f40a7bdc8267fb9e08a031a896956617fe4de8377150342874576f6da756c1ab9acb0514db9fd1
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezxsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBmpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1772	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 1772	2868	rundll32.exe	82
PID 2868 wrote to memory of 1772	2868	rundll32.exe	82
PID 2868 wrote to memory of 1772	2868	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49b1de34be7d763ff84afcef4edbc0d1ec95c1dddf5023ab0ab2d1bcfd0f0cd6_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49b1de34be7d763ff84afcef4edbc0d1ec95c1dddf5023ab0ab2d1bcfd0f0cd6_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1772

memory/1772-0-0x0000000075260000-0x0000000075270000-memory.dmp

Filesize
64KB

Download