8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 07:37

Target

8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9_NeikiAnalytics.dll
Size

120KB
MD5

36954213bea25fe0eb33a5f15b5f0e50
SHA1

da421af693994acb20d340167b643e209cea19cf
SHA256

8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9
SHA512

10148f388c7ae48c43a58e920177a4c0c8e4bbed0fed165c9be330ee6c90f8f83b01acd56cb4aed8332970980db35360b1f02bf9f36ef50f84a9a9bd9bbd0fc7
SSDEEP

3072:jC0TBUrb1sSJ6gkj1Ub1ibSlGpkhcxbw9B:VTObzaxUb1ibS4pXxbw

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
4316	e581151.exe
3736	e582287.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4744	4664	rundll32.exe	91
PID 4664 wrote to memory of 4744	4664	rundll32.exe	91
PID 4664 wrote to memory of 4744	4664	rundll32.exe	91
PID 4744 wrote to memory of 4316	4744	rundll32.exe	92
PID 4744 wrote to memory of 4316	4744	rundll32.exe	92
PID 4744 wrote to memory of 4316	4744	rundll32.exe	92
PID 4744 wrote to memory of 3736	4744	rundll32.exe	93
PID 4744 wrote to memory of 3736	4744	rundll32.exe	93
PID 4744 wrote to memory of 3736	4744	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c993696a547d4b92b858028f9dd0de0e9e7c99aad5fae6bfde9c6cf22aa41b9_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4744
- - C:\Users\Admin\AppData\Local\Temp\e581151.exe
    C:\Users\Admin\AppData\Local\Temp\e581151.exe
    3⤵
    - Executes dropped EXE
    PID:4316
- - C:\Users\Admin\AppData\Local\Temp\e582287.exe
    C:\Users\Admin\AppData\Local\Temp\e582287.exe
    3⤵
    - Executes dropped EXE
    PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4232 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\e581151.exe

Filesize
97KB

MD5
5c5dbb31c2d58b75f34512260a57a989

SHA1
c027a80a6acc7527eced83a860f99eb4fd0b17ae

SHA256
22a21154db77093531d01040c2e08100bc29de75f2220e12779a648a7c6d3a21

SHA512
e8f07c0fef237503b938406b09254119451066a62f103742be43bf2ce5d44ebfcbe65cc2592f40f4332de7d2b7c40cc2a6d932443cf21cd48ffb11a8b92b6153

Download Submit
memory/4316-4-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4316-6-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4744-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download