27050474e7add110f3753f4c2eac65f3c59f9b7d9a77ecb0eaddde3ef915aa35

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 22:27

Target

27050474e7add110f3753f4c2eac65f3c59f9b7d9a77ecb0eaddde3ef915aa35_NeikiAnalytics.dll
Size

131KB
MD5

78d68d970faf7874251c3340aa147bb0
SHA1

b33271f263ed2a709e24b1a636875d21655de717
SHA256

27050474e7add110f3753f4c2eac65f3c59f9b7d9a77ecb0eaddde3ef915aa35
SHA512

5d2e4c93342bc05664e6f4c6c04d7c1ee7cf84cc6740f853e7fbc7259119c8846b9cf0d593891bd8e95068c8acd9ab8ef8f9da745bddef1808bd6a592033be81
SSDEEP

3072:s3P/oLJOZdZNmdB2gB0YQbfEVHQUglPJSzJoyppZX:s//2MrZ0L2gO4V7VFpZX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 184 wrote to memory of 1524	184	rundll32.exe	86
PID 184 wrote to memory of 1524	184	rundll32.exe	86
PID 184 wrote to memory of 1524	184	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27050474e7add110f3753f4c2eac65f3c59f9b7d9a77ecb0eaddde3ef915aa35_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27050474e7add110f3753f4c2eac65f3c59f9b7d9a77ecb0eaddde3ef915aa35_NeikiAnalytics.dll,#1
  2⤵
  PID:1524