333354e69000f7419b17f4cbc213d6135d7b02bd2498ccb28bd7b96a90880e3d

Analysis

max time kernel
133s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:27

Target

77df77e6ee417a32df2831d08bc5e730_NeikiAnalytics.dll
Size

6KB
MD5

77df77e6ee417a32df2831d08bc5e730
SHA1

75ca92446fe5797fe77ddbb0dd4b939377abb0c5
SHA256

333354e69000f7419b17f4cbc213d6135d7b02bd2498ccb28bd7b96a90880e3d
SHA512

b604ccafebee80a52e9335d550d16dfd02cd427a0d76b6555d39f3d01bfc22cfa5c242a9c9e68548ed4f07c1f2d231ff5c6b51fb7b302647cd6cbe7c65038aae
SSDEEP

96:hy859x0P8MauhtOrVoOnC46R4X6/ro64Aco3b:F5oLTeoOFooTor

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4564 wrote to memory of 2232	4564	rundll32.exe	rundll32.exe
PID 4564 wrote to memory of 2232	4564	rundll32.exe	rundll32.exe
PID 4564 wrote to memory of 2232	4564	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77df77e6ee417a32df2831d08bc5e730_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4564

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77df77e6ee417a32df2831d08bc5e730_NeikiAnalytics.dll,#1
2⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3348,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:8
1⤵
PID:1356