9dbd241e93b4c2727928ab1b57f4e9e578e542989549045184d3db82fc6a1c40

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 15:07

Target

9dbd241e93b4c2727928ab1b57f4e9e578e542989549045184d3db82fc6a1c40_NeikiAnalytics.dll
Size

6KB
MD5

45ca469d3a6f8d564fd39bdd8a59eb00
SHA1

71fec42a63b622c0ac796373cda257d83c673be2
SHA256

9dbd241e93b4c2727928ab1b57f4e9e578e542989549045184d3db82fc6a1c40
SHA512

3fd9a5a9f90b110ddf3e9b78240dab01e44bda7aa10dd805a25bf79b80c45a7a945b009a1c4f55b628321695a31e69426d6fcd88ddade5f67abe1ddd8286d1d3
SSDEEP

48:6WQV5YVOqtV0H1pw9ygYVUG0JB+BDq9J5SC:8qtV0HAr4IB+FqX5SC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 4336	1652	rundll32.exe	82
PID 1652 wrote to memory of 4336	1652	rundll32.exe	82
PID 1652 wrote to memory of 4336	1652	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9dbd241e93b4c2727928ab1b57f4e9e578e542989549045184d3db82fc6a1c40_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9dbd241e93b4c2727928ab1b57f4e9e578e542989549045184d3db82fc6a1c40_NeikiAnalytics.dll,#1
  2⤵
  PID:4336