8887a441bc311d2046159578d47c5d7a3984de7fc46fa8aefb129857667572be

Analysis

max time kernel
138s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 14:34

Target

c43e6e93f66f127d37619b9d39ba86a0_NeikiAnalytics.dll
Size

453KB
MD5

c43e6e93f66f127d37619b9d39ba86a0
SHA1

a165cd8e220ef366d0951c5664e702caa3e639ea
SHA256

8887a441bc311d2046159578d47c5d7a3984de7fc46fa8aefb129857667572be
SHA512

46fda66e5356ceec5ff252b940ae483d71ca911bab36cd2dff3b5a41ecf626b38651be027f6bb5ef3a17cb12b7231c11ddbe648f6dd2ccb9850dcf03f24319ac
SSDEEP

12288:QyFMXcGHPytq3sCGZ+HRuIIIIIIIqIfIqYIIIIUIhII3trdmXp:QyeXcGHP53sCGiRuIIIIIIIqIfIqYIIo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 5000	3588	rundll32.exe	90
PID 3588 wrote to memory of 5000	3588	rundll32.exe	90
PID 3588 wrote to memory of 5000	3588	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c43e6e93f66f127d37619b9d39ba86a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c43e6e93f66f127d37619b9d39ba86a0_NeikiAnalytics.dll,#1
  2⤵
  PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2736,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:8
1⤵
PID:5100