93e9ddc24f1d948fe4f9f1e71f09628309bf600f085e195ee766261ae3482538

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 10:45

Target

93e9ddc24f1d948fe4f9f1e71f09628309bf600f085e195ee766261ae3482538_NeikiAnalytics.dll
Size

6KB
MD5

f822f0e9189bad663540af7000e619c0
SHA1

7955d3c9eb0ae6c0b6aabd9b19750a370dd5db26
SHA256

93e9ddc24f1d948fe4f9f1e71f09628309bf600f085e195ee766261ae3482538
SHA512

8f4059e5880325a4682253a14dfcb9f1d9d5b8167476a1e6cbe51249f8c30efea20d54619f8d2533ab76974a2a55d3a928a9c79a3b01b6270168e1abc421d6fa
SSDEEP

96:hy859x0P8MaO5BxVyGAhM6yeTilbzZLelr:F5oLxTyfi6yF/Z4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 3524	4488	rundll32.exe	80
PID 4488 wrote to memory of 3524	4488	rundll32.exe	80
PID 4488 wrote to memory of 3524	4488	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93e9ddc24f1d948fe4f9f1e71f09628309bf600f085e195ee766261ae3482538_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\93e9ddc24f1d948fe4f9f1e71f09628309bf600f085e195ee766261ae3482538_NeikiAnalytics.dll,#1
  2⤵
  PID:3524