4b2a1639045d9a1da73eaae396336ab3e26f0df3e31d8b8afcbb0b68466e53ae | Triage

Analysis

max time kernel
133s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 10:35

Sharing

Report Analysis Logs

General

Target

4b2a1639045d9a1da73eaae396336ab3e26f0df3e31d8b8afcbb0b68466e53ae_NeikiAnalytics.dll
Size

3KB
MD5

75fd59a3549f42c245c35423cbc9f250
SHA1

ea693a93ea5f33a3bc90d05d8eb9694c16a7a384
SHA256

4b2a1639045d9a1da73eaae396336ab3e26f0df3e31d8b8afcbb0b68466e53ae
SHA512

17a869b657a66bd8046fabe9e6cbdbe31d8d4f79ce00cc4c772d27960b82505c4b1a625a914de3c7e8a297baecdadbb910650220633f3b76f6c34435eeab78d0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 1112	3588	rundll32.exe	92
PID 3588 wrote to memory of 1112	3588	rundll32.exe	92
PID 3588 wrote to memory of 1112	3588	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b2a1639045d9a1da73eaae396336ab3e26f0df3e31d8b8afcbb0b68466e53ae_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b2a1639045d9a1da73eaae396336ab3e26f0df3e31d8b8afcbb0b68466e53ae_NeikiAnalytics.dll,#1
  2⤵
  PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4648,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
1⤵
PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads