14c2e0139dc6faa364b062a8488dd7d006e0d9e441fbe2818fdb32bcf09ef16f

Analysis

max time kernel
132s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:31

Target

6e0df5295ef8c2cc28b3ff779696ef70_NeikiAnalytics.dll
Size

1.1MB
MD5

6e0df5295ef8c2cc28b3ff779696ef70
SHA1

19d4db821d1dcafc66659210b8abacfb4d7e016d
SHA256

14c2e0139dc6faa364b062a8488dd7d006e0d9e441fbe2818fdb32bcf09ef16f
SHA512

1b77786e92963f6263f858cbe196196972d73cec1d68f716ab3217c18776413eda5589a4d8382ccb8667977e2d5cad94a707a813f25740dbf3e629d84427f537
SSDEEP

12288:GgXCgKKvtQbAf9ocoJt/WltkDNe9Pmcs8E2NXyJP9zR41hLbfFcDYdvTtTpTQTth:GgSgKC2gFMmtkR/N4hLJcAgB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4576 wrote to memory of 1724	4576	rundll32.exe	rundll32.exe
PID 4576 wrote to memory of 1724	4576	rundll32.exe	rundll32.exe
PID 4576 wrote to memory of 1724	4576	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e0df5295ef8c2cc28b3ff779696ef70_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e0df5295ef8c2cc28b3ff779696ef70_NeikiAnalytics.dll,#1
2⤵
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4572,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
1⤵
PID:1780