1f692657b7c90b91aa85a6df2fa1eb1266df97c6000c2de27b551b5166c3ec0c

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 11:32

Target

cff075f051ed550acf95681da7fee640_NeikiAnalytics.dll
Size

1.7MB
MD5

cff075f051ed550acf95681da7fee640
SHA1

ba7353d39e231c897b9380bae3b995ffe256ffeb
SHA256

1f692657b7c90b91aa85a6df2fa1eb1266df97c6000c2de27b551b5166c3ec0c
SHA512

d8db14c9a3030fb53df6fec1cac6416c64e0d74ffd1a38322dfa3ac238d707ba96085c52e77c4b07384274b8fc64da6dadc3d35da2ba2d423a9f98113f21eb66
SSDEEP

24576:vmA4EuEnRgc8+LUez2Qic2UpKailuDmVUJgPdlk0loH9F8955DTwZbDHlnKW:0h+Lnz27avD9SPdq4mc55DTQDHlnK

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3780	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 3780	3140	rundll32.exe	92
PID 3140 wrote to memory of 3780	3140	rundll32.exe	92
PID 3140 wrote to memory of 3780	3140	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cff075f051ed550acf95681da7fee640_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cff075f051ed550acf95681da7fee640_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3768 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4680