733078817e55e4e81edf1f3b517f85b6612e900c73cb6f2dc1b2b80ae10050c6

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 23:02

Target

18ad97cbefa204662019ebbcfec362f0_NeikiAnalytics.dll
Size

317KB
MD5

18ad97cbefa204662019ebbcfec362f0
SHA1

8ab76d5624d7c81e497fcb3f18232f75616c12b0
SHA256

733078817e55e4e81edf1f3b517f85b6612e900c73cb6f2dc1b2b80ae10050c6
SHA512

912f2afb03ecec268dfd0601cfd993ec46a901860aec8a652e1d63ec56a52e45bf4c3c97cf83bb0c95bd6001eb459acb4454a1a83f5a9c5b2adf5c51aa53e45f
SSDEEP

6144:kaXm4n6kR+thqEKaAKrOl0XZrJmYdvCLzFAOAZe3:9XfRkt1AKr40XZcY9CLxA63

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2044	rundll32.exe
2044	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process
2728	2044	WerFault.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2044	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2952 wrote to memory of 2044	2952	rundll32.exe	28
PID 2044 wrote to memory of 2728	2044	rundll32.exe	29
PID 2044 wrote to memory of 2728	2044	rundll32.exe	29
PID 2044 wrote to memory of 2728	2044	rundll32.exe	29
PID 2044 wrote to memory of 2728	2044	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18ad97cbefa204662019ebbcfec362f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18ad97cbefa204662019ebbcfec362f0_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
    3⤵
    - Program crash
    PID:2728

memory/2044-3-0x000000002A270000-0x000000002A2C5000-memory.dmp

Filesize
340KB

Download
memory/2044-2-0x000000002A270000-0x000000002A2C5000-memory.dmp

Filesize
340KB

Download
memory/2044-1-0x000000002A270000-0x000000002A2C5000-memory.dmp

Filesize
340KB

Download
memory/2044-0-0x000000002A270000-0x000000002A2C5000-memory.dmp

Filesize
340KB

Download