111e9ecc8b9b6846a579a682791dc8a6b725f5944ac1d2b04cd1ca06fef5cd17

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 00:08

Target

111e9ecc8b9b6846a579a682791dc8a6b725f5944ac1d2b04cd1ca06fef5cd17_NeikiAnalytics.dll
Size

4KB
MD5

483946325b88dba4599726313b6d23a0
SHA1

d81ed1d1f8fa8f6379719250e683f31fd7207864
SHA256

111e9ecc8b9b6846a579a682791dc8a6b725f5944ac1d2b04cd1ca06fef5cd17
SHA512

3dc136285bed8bbbb13325e5146a948b80d9512f1dd248b8b1e7d60fd3524339177aeb56f0061769d0f15d73650fc1c54e960992e3aa3d7689df2964648d10c2
SSDEEP

48:SWkO0IoyTnXz+ihZjokt1J3S0hpDGECCqMAi7PFubHRjxQ9:ZJTnXzvokr1SfCumdubxjxG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 656	4888	rundll32.exe	92
PID 4888 wrote to memory of 656	4888	rundll32.exe	92
PID 4888 wrote to memory of 656	4888	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\111e9ecc8b9b6846a579a682791dc8a6b725f5944ac1d2b04cd1ca06fef5cd17_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\111e9ecc8b9b6846a579a682791dc8a6b725f5944ac1d2b04cd1ca06fef5cd17_NeikiAnalytics.dll,#1
  2⤵
  PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:1264