4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 10:48

Target

4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2_NeikiAnalytics.dll
Size

36KB
MD5

16dbdbbd36ceb55a8ab82c2f0a5d3b60
SHA1

0f8ac2d1a5d5ba134564da7f47e4007c75895f5c
SHA256

4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2
SHA512

1f7c1b5f27279fbb2e27575f7c6cfade812ec95371ebca0c5bb34faf7f4e3e636e9bcee034ecb2fd9e21bd6ce7e47e30bba8421c91f329c74b63556f0996ae7f
SSDEEP

768:nT3p2gGDVOLXRUZMBx8F89vv3OCL/qOnhdCXjl+/Cqb:nzk/o8F8c8SOnqY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 4136	4672	rundll32.exe	93
PID 4672 wrote to memory of 4136	4672	rundll32.exe	93
PID 4672 wrote to memory of 4136	4672	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2_NeikiAnalytics.dll,#1
  2⤵
  PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:1540