6c62cbaf90627479667b1ff687bea69b537bda36929bac2174e794da4d19de07

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 06:50

Target

9b788efc57c284962387b23f294672f0_NeikiAnalytics.dll
Size

6KB
MD5

9b788efc57c284962387b23f294672f0
SHA1

a4fa43d4db6b5c0ac0e3ccfa23fd8fbc01d6abbf
SHA256

6c62cbaf90627479667b1ff687bea69b537bda36929bac2174e794da4d19de07
SHA512

e44a5d4b470245ba9e32ff4dd43d0c7365dda8efcb698a63c1a547eeee1a135bc4c2504a563c7e1413fcb3845d6f9b1629d47fd140e67c31364a8f8b103ed750
SSDEEP

96:FtrRdrY0x7+PZAV+L/xvtmv4k0S3mzbXJUjuFxCH3xY5TA+cXcg+0W:Ft11+PjtvtiELzdUcCR+cv+7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2472	1600	rundll32.exe	89
PID 1600 wrote to memory of 2472	1600	rundll32.exe	89
PID 1600 wrote to memory of 2472	1600	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b788efc57c284962387b23f294672f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b788efc57c284962387b23f294672f0_NeikiAnalytics.dll,#1
  2⤵
  PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3812,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:8
1⤵
PID:1584