0cd782d5895fe09199d3faabe8967e8da74666398bd87a9248549d7c0177c74e

Analysis

max time kernel
132s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 23:26

Target

0cd782d5895fe09199d3faabe8967e8da74666398bd87a9248549d7c0177c74e_NeikiAnalytics.dll
Size

6KB
MD5

4203c0a31baff35f150447b210f79640
SHA1

dd9a652c33c8b148ede76983790bf12b93e95b4b
SHA256

0cd782d5895fe09199d3faabe8967e8da74666398bd87a9248549d7c0177c74e
SHA512

c3545b9135698197518631e8646c9560d3a1ba042a7761a861573b4d1bf0d3647825404f1a0079d3c2391bad7c9f25dbb048e003bc34f11dcf5fca610c853e25
SSDEEP

96:nEY2RrF1eqwi4m/fBKp6Lx9L0HTslOmtHAuO4yDYLPSM:EHRh1eppO0pO9L4YjOHbM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 3452	4004	rundll32.exe	90
PID 4004 wrote to memory of 3452	4004	rundll32.exe	90
PID 4004 wrote to memory of 3452	4004	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cd782d5895fe09199d3faabe8967e8da74666398bd87a9248549d7c0177c74e_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cd782d5895fe09199d3faabe8967e8da74666398bd87a9248549d7c0177c74e_NeikiAnalytics.dll,#1
  2⤵
  PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1716,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=3028 /prefetch:8
1⤵
PID:5100