01500caa01f3f88889dcf026b4ff1abe9e57d6fbb5e1aae0f92d7d0d265b65f6

Analysis

max time kernel
131s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 07:38

Target

01500caa01f3f88889dcf026b4ff1abe9e57d6fbb5e1aae0f92d7d0d265b65f6_NeikiAnalytics.dll
Size

116KB
MD5

27868540c4b60289a7b3c8b4691b8190
SHA1

f5252952795c583ed255b33c508fb6ce7c1fec7c
SHA256

01500caa01f3f88889dcf026b4ff1abe9e57d6fbb5e1aae0f92d7d0d265b65f6
SHA512

e78d5c676d3df43f0a60ea783f9ffb45ead6a4e7081b33a71cd244750a27c3f227e663aca278152a1194baa5c523df20e55293c9f4a379db49987af46cef0d04
SSDEEP

1536:eVsq16VZu+ZhsqfaZCGYhjCAkzn1667mb:I/UqqCCGIqn1lmb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 3344	1896	rundll32.exe	88
PID 1896 wrote to memory of 3344	1896	rundll32.exe	88
PID 1896 wrote to memory of 3344	1896	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01500caa01f3f88889dcf026b4ff1abe9e57d6fbb5e1aae0f92d7d0d265b65f6_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01500caa01f3f88889dcf026b4ff1abe9e57d6fbb5e1aae0f92d7d0d265b65f6_NeikiAnalytics.dll,#1
  2⤵
  PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:8
1⤵
PID:4108