fc8d5f6009c8f4e2e3ef0b95f27301e7049aabe9804189aae1b013c7c43de75d

Analysis

max time kernel
131s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:47

Target

37dc5a399215959aaf121339215ba1d0_NeikiAnalytics.dll
Size

81KB
MD5

37dc5a399215959aaf121339215ba1d0
SHA1

3e8d69b29373cc32af3bbf4d245f97b03364e9bd
SHA256

fc8d5f6009c8f4e2e3ef0b95f27301e7049aabe9804189aae1b013c7c43de75d
SHA512

cd3827d9c9165123bfef66f6ea5d818f8669e8f8a2ea97d520c291fa01f50f9fbcbceaa8e7e904b4db3299a9a37004d847e190242e2de7ef905c2f3e36399726
SSDEEP

1536:CtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WZ:C4v4JKXTx71w0ArSsXF3enq8WZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4672 wrote to memory of 2956	4672	rundll32.exe	rundll32.exe
PID 4672 wrote to memory of 2956	4672	rundll32.exe	rundll32.exe
PID 4672 wrote to memory of 2956	4672	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37dc5a399215959aaf121339215ba1d0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4672

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37dc5a399215959aaf121339215ba1d0_NeikiAnalytics.dll,#1
2⤵
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4216,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
1⤵
PID:2000