98f88c7bcbcccbebbb88381bf59696b4187a6d93f35fc582f3e1c045dc1c5d1f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 10:41

Target

14d98839f357d93a2b63f51110162660_NeikiAnalytics.dll
Size

2.2MB
MD5

14d98839f357d93a2b63f51110162660
SHA1

9a34bdbfe61764d17164547ee13bafef8d49a73c
SHA256

98f88c7bcbcccbebbb88381bf59696b4187a6d93f35fc582f3e1c045dc1c5d1f
SHA512

b062bf804c06211ad2df32c115b3ea3c5c8fb5770560af6ef364a4468d51ba5f2d3c9a1c7b7a1390d3072cba140a875c3abf997bc01c0be92cdd9c327566b25e
SSDEEP

49152:yPofOdoADbyaSUceDAvwfeOAy9iZztpPGWwBRm39:Co2DSHeXAy9iZztpPGWwBRm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1316	4504	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 4504	1808	rundll32.exe	82
PID 1808 wrote to memory of 4504	1808	rundll32.exe	82
PID 1808 wrote to memory of 4504	1808	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14d98839f357d93a2b63f51110162660_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14d98839f357d93a2b63f51110162660_NeikiAnalytics.dll,#1
  2⤵
  PID:4504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 584
    3⤵
    - Program crash
    PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4504 -ip 4504
1⤵
PID:2700