1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed

Analysis

max time kernel
140s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 22:48

Target

1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll
Size

490KB
MD5

31a1dbdd689a25d9edac91858bada050
SHA1

4f1f01006d1e9e6fcc2d8b54e2cee4a623213a70
SHA256

1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed
SHA512

a615f322a1e8298150441a002ec94a71e75d9c1042a6364166bf9902d99f3d847e1b6dcb2a43f9d1d39da21fc5d11551036d83c2b0fb0403c6ded6e59272a76a
SSDEEP

12288:pTkyQAdz5tk4Wk6Yvs19rTSiKU84g9o7QGy0gM:b9VWJ1dPRuo7QGY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 1844	4840	rundll32.exe	90
PID 4840 wrote to memory of 1844	4840	rundll32.exe	90
PID 4840 wrote to memory of 1844	4840	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll,#1
  2⤵
  PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:4684