1caa5150998b7bb9cd3d845396c77d59a87eb4e12cd23e8202ef956f3fd34cbb

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 21:49

Target

1caa5150998b7bb9cd3d845396c77d59a87eb4e12cd23e8202ef956f3fd34cbb_NeikiAnalytics.dll
Size

7KB
MD5

9edb76582b079c2954f6b83d5aaa8810
SHA1

6506fcd544ea8ec357941086c3d3f4399ed7e2c5
SHA256

1caa5150998b7bb9cd3d845396c77d59a87eb4e12cd23e8202ef956f3fd34cbb
SHA512

43de8c6ca8c3517b22e734df5b34501c5e618974fab1c33ef2a45c4b44a23d79e2fa5d0af9f8edea1ce0cdd5075d65e129b066eaf681e072a2c439ec067399c8
SSDEEP

96:wb4VHccYJUC/aFbz/j0OvaPo00d3cX5aXW:wUaJf/aFbP0OD002JaX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 2324	1828	rundll32.exe	81
PID 1828 wrote to memory of 2324	1828	rundll32.exe	81
PID 1828 wrote to memory of 2324	1828	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1caa5150998b7bb9cd3d845396c77d59a87eb4e12cd23e8202ef956f3fd34cbb_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1caa5150998b7bb9cd3d845396c77d59a87eb4e12cd23e8202ef956f3fd34cbb_NeikiAnalytics.dll,#1
  2⤵
  PID:2324