1c8c1937e34630a96220a86d1c2184075cb01492ca7b79c2ec034fceaf02d0aa

Analysis

max time kernel
130s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 21:47

Target

1c8c1937e34630a96220a86d1c2184075cb01492ca7b79c2ec034fceaf02d0aa_NeikiAnalytics.dll
Size

6KB
MD5

e7d650decf6df422805b38bf5083fa10
SHA1

51181bbb34502d0ecb03fda61977af7e1e740126
SHA256

1c8c1937e34630a96220a86d1c2184075cb01492ca7b79c2ec034fceaf02d0aa
SHA512

bdd8f5a5943dadf9d8ae8f21b8370ecb3fba806f53709b9df38af470de252531f4ebc73c21d4cda7b8c0605832abc98c501970b5a1af3acc38f2d439fc4afaea
SSDEEP

96:hy859x0P8MaKMrfmcC3TU1svyCjnrAmPer2mQMku0BegsIh9:F5oLoqcC3A1sdrAVKrMd0ggsG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 3300	1776	rundll32.exe	90
PID 1776 wrote to memory of 3300	1776	rundll32.exe	90
PID 1776 wrote to memory of 3300	1776	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c8c1937e34630a96220a86d1c2184075cb01492ca7b79c2ec034fceaf02d0aa_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c8c1937e34630a96220a86d1c2184075cb01492ca7b79c2ec034fceaf02d0aa_NeikiAnalytics.dll,#1
  2⤵
  PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4076,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:8
1⤵
PID:2240