3e0cce6f55987fdb9dec4f388009e1b28ff3cf201d67cc70a6231b1aa1a0d81b

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 16:52

Target

30e15a8ad98ccd3453564047dcc7e0c0_NeikiAnalytics.dll
Size

81KB
MD5

30e15a8ad98ccd3453564047dcc7e0c0
SHA1

f1fe9505a56ec01fa85d5d0ca1476782eed8b8a1
SHA256

3e0cce6f55987fdb9dec4f388009e1b28ff3cf201d67cc70a6231b1aa1a0d81b
SHA512

72bf69636d99b2fde3454b7d05f85716d81e17a61a5f346c602a553dba23d95075545dfd59da86fb9ace3594b7beba77986b20b8206d5ee55d319ecaa907b64d
SSDEEP

1536:7tByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WN:74v4JKXTx71w0ArSsXF3enq8WN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 964	3420	rundll32.exe	92
PID 3420 wrote to memory of 964	3420	rundll32.exe	92
PID 3420 wrote to memory of 964	3420	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\30e15a8ad98ccd3453564047dcc7e0c0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\30e15a8ad98ccd3453564047dcc7e0c0_NeikiAnalytics.dll,#1
  2⤵
  PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:1884