a1aa805a157f3e3e49cb4d544c5f65303e047a38d08bb4bc4a3567040a98d507

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 20:08

Target

50ff674767ac7e83b00dd3a4aa7526a0_NeikiAnalytics.dll
Size

2.2MB
MD5

50ff674767ac7e83b00dd3a4aa7526a0
SHA1

dbd2a7537dc32fa097111543c242efd3e3b03b0a
SHA256

a1aa805a157f3e3e49cb4d544c5f65303e047a38d08bb4bc4a3567040a98d507
SHA512

8aa693ee8cbe6010d477a6b3b941163da0b20f97d539f9f8ae454ffe62f544e05a05ae867d9dc11493ebebfd96acce964c5a88b560e4bdc3e8b613bb895f2075
SSDEEP

12288:sXM1bo6qsNC1fQxIa519hIz1RIUZfZpBF0nzOKloK37trcIhF8XdY0Bu0p:sXM1usK4xIa519hiRIU7XLKNthF8XW0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2208	2400	rundll32.exe	28
PID 2400 wrote to memory of 2208	2400	rundll32.exe	28
PID 2400 wrote to memory of 2208	2400	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50ff674767ac7e83b00dd3a4aa7526a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2400 -s 164
  2⤵
  PID:2208