28551b173b2cfbbd3db074fb7a83fb4abc46c1f2275b7576f13d84d129a6fa9c

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 00:49

Target

28551b173b2cfbbd3db074fb7a83fb4abc46c1f2275b7576f13d84d129a6fa9c_NeikiAnalytics.dll
Size

282KB
MD5

41640326f33516c5276df5617a798c40
SHA1

04d6acd550c34389f0a4ae6c19a0d293a886b13f
SHA256

28551b173b2cfbbd3db074fb7a83fb4abc46c1f2275b7576f13d84d129a6fa9c
SHA512

c4bd77c4726e7b21668bde30601abd7906b3b8657d8a86093841c72058c1fcdfe30ceba1f897aefed37715a39dd5d7c708c7f1cf155eed5eecf7b605ed07366f
SSDEEP

6144:0O82vrLOaIiQRMYxnh+eRS2EY3xgRrrG0k9TahiUwmgG8Q0Oyw4k+gSwsWkEw0+L:qDU99BvhunWfI9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 3652	4596	rundll32.exe	91
PID 4596 wrote to memory of 3652	4596	rundll32.exe	91
PID 4596 wrote to memory of 3652	4596	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28551b173b2cfbbd3db074fb7a83fb4abc46c1f2275b7576f13d84d129a6fa9c_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28551b173b2cfbbd3db074fb7a83fb4abc46c1f2275b7576f13d84d129a6fa9c_NeikiAnalytics.dll,#1
  2⤵
  PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:404