c50ad7a8f277a18a244fdfab0435b37cc647d24dbfb0103106fc48b4222d19fd

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 16:31

Target

be64727bedf5534a944e2993175ba260_NeikiAnalytics.dll
Size

81KB
MD5

be64727bedf5534a944e2993175ba260
SHA1

b7f9cd8885f767a37c0157c4add2cf4ddd02ac8f
SHA256

c50ad7a8f277a18a244fdfab0435b37cc647d24dbfb0103106fc48b4222d19fd
SHA512

a4a942b3f9de59b70b042912b4c0ac5f29fc3cda015d1f12f61dd7ed2e9b6a6506a65731045e879ca6c8d535502645ab23044bf31c09d813cbab4f8369532b99
SSDEEP

1536:jtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wf:j4v4JKXTx71w0ArSsXF3enq8Wf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 4860	4028	rundll32.exe	91
PID 4028 wrote to memory of 4860	4028	rundll32.exe	91
PID 4028 wrote to memory of 4860	4028	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be64727bedf5534a944e2993175ba260_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\be64727bedf5534a944e2993175ba260_NeikiAnalytics.dll,#1
  2⤵
  PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2384 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4444