8a874b5fb5ac5213d9636dd53366317d0c22828e1221fefae2fcff94710b61eb

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 06:47

Target

8a874b5fb5ac5213d9636dd53366317d0c22828e1221fefae2fcff94710b61eb_NeikiAnalytics.dll
Size

27KB
MD5

cd1e37f764df8dccbdebb1b9057ffe80
SHA1

d380559e994be4e58e1650c153c59d41589e2944
SHA256

8a874b5fb5ac5213d9636dd53366317d0c22828e1221fefae2fcff94710b61eb
SHA512

96d38c3dc45c1da9c13c81e8412ded7bf3744e3235e3033a419052ebff507c769c34acad69a941c5b4da01a3f42c65500cbe648552e16caa8a425ef252e6ef79
SSDEEP

384:K8OXfh5/g0UU24JqM5Ojh6OiQlmtmNmB5paf8MpAogZXk03mirILu1jJbCaP:KlPX//UUAmOjTbjvpoZXkIILWVbCq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 2584	4496	rundll32.exe	81
PID 4496 wrote to memory of 2584	4496	rundll32.exe	81
PID 4496 wrote to memory of 2584	4496	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a874b5fb5ac5213d9636dd53366317d0c22828e1221fefae2fcff94710b61eb_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a874b5fb5ac5213d9636dd53366317d0c22828e1221fefae2fcff94710b61eb_NeikiAnalytics.dll,#1
  2⤵
  PID:2584