08af1695266be35bb4f116a452842ae5aed40b84dc60c19a9cbba6a618d5ca28

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 21:05

Target

08af1695266be35bb4f116a452842ae5aed40b84dc60c19a9cbba6a618d5ca28_NeikiAnalytics.dll
Size

6KB
MD5

f0d10f0da1bd99580492517e0da24be0
SHA1

6613893bb78b9ab97a60caae730ee9a846cef597
SHA256

08af1695266be35bb4f116a452842ae5aed40b84dc60c19a9cbba6a618d5ca28
SHA512

0c7f0fe09fa4e88970d8e56e36170ff94d98b3f19b01c69165236b085943b61f8906067c085d86ae5b67e6e89318ad03b23057c444bfb42d6041212ed1423e61
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0cB+BDq9J5SH:VDa9VUX9bQW8B+FqX5SH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 656	2620	rundll32.exe	91
PID 2620 wrote to memory of 656	2620	rundll32.exe	91
PID 2620 wrote to memory of 656	2620	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08af1695266be35bb4f116a452842ae5aed40b84dc60c19a9cbba6a618d5ca28_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\08af1695266be35bb4f116a452842ae5aed40b84dc60c19a9cbba6a618d5ca28_NeikiAnalytics.dll,#1
  2⤵
  PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3100 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5484