919c8914f56b39620a8202ea12d9cbb162cc6db2b9e89dd016344b8b81d4ca23

Analysis

max time kernel
128s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 09:45

Target

919c8914f56b39620a8202ea12d9cbb162cc6db2b9e89dd016344b8b81d4ca23_NeikiAnalytics.dll
Size

7KB
MD5

3faea9d64a8812aa937d27bd218a3140
SHA1

840bf24c9802d11c37cb722922b5370779338dd0
SHA256

919c8914f56b39620a8202ea12d9cbb162cc6db2b9e89dd016344b8b81d4ca23
SHA512

c047a3d7a466af35de2b3c95d275f7bb992f9bb18002a5f4e1f75b1b754a0d11f3888b529adcc063ab58bafe7efcc814d21f6d8307eaca762cfffc7444ba7939
SSDEEP

96:wb4VHccYJUC/aFbz/j0OvaPDSd3cX5aXW:wUaJf/aFbP0OmS2JaX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 3324	4640	rundll32.exe	90
PID 4640 wrote to memory of 3324	4640	rundll32.exe	90
PID 4640 wrote to memory of 3324	4640	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\919c8914f56b39620a8202ea12d9cbb162cc6db2b9e89dd016344b8b81d4ca23_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\919c8914f56b39620a8202ea12d9cbb162cc6db2b9e89dd016344b8b81d4ca23_NeikiAnalytics.dll,#1
  2⤵
  PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4420,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8
1⤵
PID:904