786a97625619a6b2fbdcead02e91df799c07a22659795bf7adcedc862f30a929

Analysis

max time kernel
134s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 01:05

Target

87539cc5763cebd85f927e9a622607e0_NeikiAnalytics.dll
Size

463KB
MD5

87539cc5763cebd85f927e9a622607e0
SHA1

0100f8c9c31a44ae0be7d62587cf0b17ba50351e
SHA256

786a97625619a6b2fbdcead02e91df799c07a22659795bf7adcedc862f30a929
SHA512

9b1a188d95731d0c27efaa36be62f8b59a6bc60bbf86956f93340c30f40330536c8ad4e0184227b1e4964cbfa902efe864f3f7d7275e6e0fc097991b23ae35b0
SSDEEP

12288:o2nv8ccS8cc/Z/cs8Ccs8/yjvAr+dT4octaBjvrEH7l:o2nv8ccS8cc/Z/cs8Ccs8/yVG6rEH7l

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4796	4716	rundll32.exe	91
PID 4716 wrote to memory of 4796	4716	rundll32.exe	91
PID 4716 wrote to memory of 4796	4716	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\87539cc5763cebd85f927e9a622607e0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\87539cc5763cebd85f927e9a622607e0_NeikiAnalytics.dll,#1
  2⤵
  PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3772,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8
1⤵
PID:1236