ebc534a205040a2a693f6c136e0846a84f0531b912809f56f321a6a6a72302ae

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 10:37

Target

ad9ce498287c67371733b0da769fdb50_NeikiAnalytics.dll
Size

6KB
MD5

ad9ce498287c67371733b0da769fdb50
SHA1

858c2596925ecd651725cd1847149c136712bfe7
SHA256

ebc534a205040a2a693f6c136e0846a84f0531b912809f56f321a6a6a72302ae
SHA512

bfab21e25c2f0ec9a2cbd705ebe5e1195194df192daa071ee9388baffdeeed7e5f06faaded479dabd5d03a14206c6ffb00b08eac7d80819138541d587aa85532
SSDEEP

96:nEY2RrF1eqwi44oW3FpCsX8jJlwfl06fBvN:EHRh1epp4oW3FpCsX8jJlwfl06fBvN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 4036	3288	rundll32.exe	82
PID 3288 wrote to memory of 4036	3288	rundll32.exe	82
PID 3288 wrote to memory of 4036	3288	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad9ce498287c67371733b0da769fdb50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad9ce498287c67371733b0da769fdb50_NeikiAnalytics.dll,#1
  2⤵
  PID:4036