f9e5359bc31fa1ef876099f3dee5a288df77632212e20c4027bc5138a0ed2cd1

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:10

Target

543ddd3315b65b6b3dc18c4d171e9dd0_NeikiAnalytics.dll
Size

81KB
MD5

543ddd3315b65b6b3dc18c4d171e9dd0
SHA1

a6ff676f9098a1e8d37f4f488ac070b4ab2aeca4
SHA256

f9e5359bc31fa1ef876099f3dee5a288df77632212e20c4027bc5138a0ed2cd1
SHA512

15712a27ad90fa4f3f120dfe9bc836a7b226ec7f38720ba808a877a8ca0e769548c58028985b649fba8b2d50609b5ecd9067b3bf9c02cbd64049ac1fd8eee777
SSDEEP

1536:ZtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wd:Z4v4JKXTx71w0ArSsXF3enq8Wd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5080 wrote to memory of 1388	5080	rundll32.exe	rundll32.exe
PID 5080 wrote to memory of 1388	5080	rundll32.exe	rundll32.exe
PID 5080 wrote to memory of 1388	5080	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\543ddd3315b65b6b3dc18c4d171e9dd0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5080

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\543ddd3315b65b6b3dc18c4d171e9dd0_NeikiAnalytics.dll,#1
2⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3760 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:2072