1a9dda6b997b8eb3d8e3a5a0773c5b4cec2055a5875f08514cd1da716ccbec5c

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 07:00

Target

7a835fcb3634413c1c74c605acdc2f20_NeikiAnalytics.dll
Size

81KB
MD5

7a835fcb3634413c1c74c605acdc2f20
SHA1

d0063be3fe54031cfd5096e141a4c98fdfb94b90
SHA256

1a9dda6b997b8eb3d8e3a5a0773c5b4cec2055a5875f08514cd1da716ccbec5c
SHA512

85d95c138162e448d24c4b4c32b52c5e3152710a5c3aaf9058ff8fab9f70cb4d3adfd1083407facd573a38094c0bf9cb7003da04fee0958942c3a3ea65320dcc
SSDEEP

1536:ntByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W0:n4v4JKXTx71w0ArSsXF3enq8W0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 5004	652	rundll32.exe	90
PID 652 wrote to memory of 5004	652	rundll32.exe	90
PID 652 wrote to memory of 5004	652	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a835fcb3634413c1c74c605acdc2f20_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a835fcb3634413c1c74c605acdc2f20_NeikiAnalytics.dll,#1
  2⤵
  PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4172