8106efc3a15e73f590f29cc1b3918e3ac6458c01046629cb89119dfe1c464457

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 11:01

Target

8106efc3a15e73f590f29cc1b3918e3ac6458c01046629cb89119dfe1c464457_NeikiAnalytics.dll
Size

100KB
MD5

d2206dedb82d25ebcce012c1dc1a2780
SHA1

3df893018fdbcda7cd19adbc99f5870893f22b5e
SHA256

8106efc3a15e73f590f29cc1b3918e3ac6458c01046629cb89119dfe1c464457
SHA512

6bf9b6a9873b232ea9f10f44c010b4c45efcf8dcc2728d7e47ee6e618c12d66cd7916c020571184aebd8d1cefcdfdcd6b8092212532a0fd943ef21bdd2f43fe0
SSDEEP

96:qVd/l3VUep+oGxL8blHgRA+NfGT0L0V59J7zZ65BHa/iJStu+BQ5p/4IBQ5p/46o:Qpp+uvnOYlzZ6ba/iYXXeX/L7xgno

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 1988	1060	rundll32.exe	81
PID 1060 wrote to memory of 1988	1060	rundll32.exe	81
PID 1060 wrote to memory of 1988	1060	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8106efc3a15e73f590f29cc1b3918e3ac6458c01046629cb89119dfe1c464457_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8106efc3a15e73f590f29cc1b3918e3ac6458c01046629cb89119dfe1c464457_NeikiAnalytics.dll,#1
  2⤵
  PID:1988