9802c21d52f5173b1a523b9032a6af327fd183f1d25794e51e9d774e7aef6bac

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 12:31

Target

9802c21d52f5173b1a523b9032a6af327fd183f1d25794e51e9d774e7aef6bac_NeikiAnalytics.dll
Size

7KB
MD5

0f2d91c1f7315d7f07ae64f79f271340
SHA1

516c7eaecd3bcbdedd3ab59f7fa3646a20127d63
SHA256

9802c21d52f5173b1a523b9032a6af327fd183f1d25794e51e9d774e7aef6bac
SHA512

e40b2c0b567a8d1f5f9898ddf957c1243898fb0af1442707f4ad0bd7126c8386f270c638b04d29ff8c0d970bad1caccf7f0de0da6d3ced6fa318d7eac9af000b
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWHKUbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbP1rq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 1428	1568	rundll32.exe	81
PID 1568 wrote to memory of 1428	1568	rundll32.exe	81
PID 1568 wrote to memory of 1428	1568	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9802c21d52f5173b1a523b9032a6af327fd183f1d25794e51e9d774e7aef6bac_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9802c21d52f5173b1a523b9032a6af327fd183f1d25794e51e9d774e7aef6bac_NeikiAnalytics.dll,#1
  2⤵
  PID:1428