635c9e13aeb6af5c7e74197e6e5c1847bae1abf1fcd18cb11150120f624ca023

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:19

Target

4a7679c8e05d2cd855e9ff7fc16928a0_NeikiAnalytics.dll
Size

81KB
MD5

4a7679c8e05d2cd855e9ff7fc16928a0
SHA1

862146a88fab66e8d03745cd5f7138a72312af5e
SHA256

635c9e13aeb6af5c7e74197e6e5c1847bae1abf1fcd18cb11150120f624ca023
SHA512

dd43b61e8dd2b440348f10eff6a20c998fe40eb845f3261a6cee4dbf1e186a10940e46d98281e44cba50c2e8e5944b5f065b5f27d3270d7797f7102f54f0eae6
SSDEEP

1536:DtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wq:D4v4JKXTx71w0ArSsXF3enq8Wq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2636 wrote to memory of 3252	2636	rundll32.exe	rundll32.exe
PID 2636 wrote to memory of 3252	2636	rundll32.exe	rundll32.exe
PID 2636 wrote to memory of 3252	2636	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a7679c8e05d2cd855e9ff7fc16928a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a7679c8e05d2cd855e9ff7fc16928a0_NeikiAnalytics.dll,#1
  2⤵
  PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4132 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:3880