99f2aaf2e95d3c3b7d56097fdd845ed7bf6920e034eb9951ead745146fa908e3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 10:59

Target

cb1855d744a0aa7e6873e33edd0b8f50_NeikiAnalytics.dll
Size

440KB
MD5

cb1855d744a0aa7e6873e33edd0b8f50
SHA1

6e31d3324f9326463999c1152db9c8efe67ea314
SHA256

99f2aaf2e95d3c3b7d56097fdd845ed7bf6920e034eb9951ead745146fa908e3
SHA512

9dadb9cf782666e38ed48860d41345f57b8bae5b549c2de65bd35f49bfb73bec002114068910a1c00ab06ee0522978e5244dbd0534004fd94b3191461825bc17
SSDEEP

6144:pR+WVYpppKen9VDg4tHCtEkiBGK401q2HE0I67++++++++TK53d:g1HCD+9q2HE0I

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2408	1200	rundll32.exe	28
PID 1200 wrote to memory of 2408	1200	rundll32.exe	28
PID 1200 wrote to memory of 2408	1200	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb1855d744a0aa7e6873e33edd0b8f50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1200 -s 80
  2⤵
  PID:2408