255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1

Analysis

max time kernel
92s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 22:17

Target

255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1_NeikiAnalytics.dll
Size

776KB
MD5

8d74d8fa9dec5987397de5bb957d05a0
SHA1

876d2819c88690fd5462902db74661cae82e9e3f
SHA256

255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1
SHA512

43c8c193b559f278cfba72d1746d4777accc11c2ea0f23bdde2eb4383419cc5ee96f21b1c2147558d24aa34d3459e447404ab5b5aeae9119191f0412c69530bc
SSDEEP

12288:/PzsnMRoHNbDc9mp1lfabK2xFGlyO1UuOk+wgdxN34gAGhqG4oEdYspVC:/CDCmpffoFxFO1Y13ABG4Ps

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 4528	436	rundll32.exe	81
PID 436 wrote to memory of 4528	436	rundll32.exe	81
PID 436 wrote to memory of 4528	436	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\255d8782c0d73ac9fc1555b3c05ef180f79ec15d989ac8b634cf70dab71cf4b1_NeikiAnalytics.dll,#1
  2⤵
  PID:4528