5070e6fe82c56ecefed7980982c9e5c29c511f9a65428278ed59cff88efdbe00

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 02:33

Target

5070e6fe82c56ecefed7980982c9e5c29c511f9a65428278ed59cff88efdbe00_NeikiAnalytics.dll
Size

6KB
MD5

fd0ce646fe8e6b94d6d58dac74b81a10
SHA1

893bbf370e40f08b493f614cd9fdeaf1782f408d
SHA256

5070e6fe82c56ecefed7980982c9e5c29c511f9a65428278ed59cff88efdbe00
SHA512

d12f08c49a680a42024e7bffaaeef5bdaa93fa21f9862a609a74603eb031f687ad080e7dd712720672114ffc03e1402fe8ec002e4a65938da9b7a72b3e806ce1
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0iicB+BDq9J5SH:VDa9VUX9bQW5cB+FqX5SH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 1312	652	rundll32.exe	90
PID 652 wrote to memory of 1312	652	rundll32.exe	90
PID 652 wrote to memory of 1312	652	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5070e6fe82c56ecefed7980982c9e5c29c511f9a65428278ed59cff88efdbe00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5070e6fe82c56ecefed7980982c9e5c29c511f9a65428278ed59cff88efdbe00_NeikiAnalytics.dll,#1
  2⤵
  PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:1604