afe1623961c6038d41ea0dfd6770b41647b4fe00ae722d3af1018ae9cd629b0a

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 19:40

Target

dc558af4186201d7c1e96f7037f00a60_NeikiAnalytics.dll
Size

1009KB
MD5

dc558af4186201d7c1e96f7037f00a60
SHA1

72b9d04125e274d51944bb75a80834421514375c
SHA256

afe1623961c6038d41ea0dfd6770b41647b4fe00ae722d3af1018ae9cd629b0a
SHA512

dca2eb7cc79f37b0dc65af8842c5ea98b4d2078620f4c55d8fca1e771aa99aad83c8542ed2a7c40a21c2717a403e886481036e373bc9fc03e435a638768581a0
SSDEEP

24576:mJkNCo/3AutxOwbjTHRrQfBwi2VA4rEH7XI:CKCGAutxOwfTHkJ2uvI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4056	3568	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 3568	3356	rundll32.exe	82
PID 3356 wrote to memory of 3568	3356	rundll32.exe	82
PID 3356 wrote to memory of 3568	3356	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc558af4186201d7c1e96f7037f00a60_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc558af4186201d7c1e96f7037f00a60_NeikiAnalytics.dll,#1
  2⤵
  PID:3568
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 560
    3⤵
    - Program crash
    PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3568 -ip 3568
1⤵
PID:3628