76b7cd59438b15a4c49fbf227c9f062258e542caa92b83713b5e7d66b5b9c6ae

Analysis

max time kernel
138s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 06:49

Target

b56b1de1c15c7bf2751d43f8d1fae610_NeikiAnalytics.dll
Size

81KB
MD5

b56b1de1c15c7bf2751d43f8d1fae610
SHA1

3100a8d1d706c0f7e24685e962f4638121e0fb9c
SHA256

76b7cd59438b15a4c49fbf227c9f062258e542caa92b83713b5e7d66b5b9c6ae
SHA512

e66b8b27f5d34752a25109876661ccab511690861c267f7d42721b6928f36ca303f1c280355538b2182994f6dee5dc377dead68387c1f2cd57354a05b1064833
SSDEEP

1536:ZtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W/:Z4v4JKXTx71w0ArSsXF3enq8W/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 2916	3640	rundll32.exe	89
PID 3640 wrote to memory of 2916	3640	rundll32.exe	89
PID 3640 wrote to memory of 2916	3640	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b56b1de1c15c7bf2751d43f8d1fae610_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b56b1de1c15c7bf2751d43f8d1fae610_NeikiAnalytics.dll,#1
  2⤵
  PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:3628