30f429edfe6a412000013ab9cdb3b94ab4953597f69cfb174543e92a7fd275b6

Analysis

max time kernel
124s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 11:30

Target

0fdb0dac07fd1e86251123ec65fd9850_NeikiAnalytics.dll
Size

5KB
MD5

0fdb0dac07fd1e86251123ec65fd9850
SHA1

2c3c798d417f026f92016f86a3e561f71d309536
SHA256

30f429edfe6a412000013ab9cdb3b94ab4953597f69cfb174543e92a7fd275b6
SHA512

9d60b47fa6366ea8929279f66dd6df71e0ef159a88b505ff3283d77dff7780b217f51663201499c4576f0d62ef034157d2eb6fb8e4a31a3483e03796e0615bc9
SSDEEP

96:hy859x0P8Ma0tTIVjAFcuE61c9TaxSWOnIna:F5oLFFFcuE99KSN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 1496	744	rundll32.exe	89
PID 744 wrote to memory of 1496	744	rundll32.exe	89
PID 744 wrote to memory of 1496	744	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fdb0dac07fd1e86251123ec65fd9850_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fdb0dac07fd1e86251123ec65fd9850_NeikiAnalytics.dll,#1
  2⤵
  PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4332,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
1⤵
PID:4536