758e4d901c946a2744aeaad28c8f6367c577ca373a1bd636f59f7fbf7152eb3b

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 20:45

Target

0b6288d51ff5ae1b5a404ee7bbca60d0_NeikiAnalytics.dll
Size

5KB
MD5

0b6288d51ff5ae1b5a404ee7bbca60d0
SHA1

016f3c9b65871604f8490e68c7266582b061e028
SHA256

758e4d901c946a2744aeaad28c8f6367c577ca373a1bd636f59f7fbf7152eb3b
SHA512

af9b606fb59cb82d728ebac1dfe2686603bcc9aafa1f06059b799ef6d73d15ed330581411904673d41c193e2d0bbee67ce8faa54acc196d800fc173a069e65f4
SSDEEP

48:SWkO0IoyTnXz+ihZjokGxrf6JQ8SJWuigRp3hvVEK5sbLWEfGMxe7BJa/TKwkHI7:ZJTnXzvokiubuiEp3h9n2WEOpa+BM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1196 wrote to memory of 2868	1196	rundll32.exe	rundll32.exe
PID 1196 wrote to memory of 2868	1196	rundll32.exe	rundll32.exe
PID 1196 wrote to memory of 2868	1196	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b6288d51ff5ae1b5a404ee7bbca60d0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b6288d51ff5ae1b5a404ee7bbca60d0_NeikiAnalytics.dll,#1
  2⤵
  PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:1584