b5921e9fb73443716f4ec51f8e57dc847b2c1ac41dc034812aba564c552b3338

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 10:54

Target

c3b54355714e41d6c94d59391a984890_NeikiAnalytics.dll
Size

537KB
MD5

c3b54355714e41d6c94d59391a984890
SHA1

c4cdb283165f890774232c995277f9d896b4a6e8
SHA256

b5921e9fb73443716f4ec51f8e57dc847b2c1ac41dc034812aba564c552b3338
SHA512

a88c991c8f8bc85f9d61f9bd355c821b3a89be706488764b677a03a843e2bb9f94251a395d51cb54f07920b2a7cd1a2031e63ae3a2974f521d163e0c2f541390
SSDEEP

3072:LraGY2kRyiBuaYA59v/w+5fRSJ+FTOV6tsUBt3WQvLNxY/l+ZDcMrOz:LraTJ9XNSJ4Z

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	1144	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1144	1760	rundll32.exe	28
PID 1760 wrote to memory of 1144	1760	rundll32.exe	28
PID 1760 wrote to memory of 1144	1760	rundll32.exe	28
PID 1760 wrote to memory of 1144	1760	rundll32.exe	28
PID 1760 wrote to memory of 1144	1760	rundll32.exe	28
PID 1760 wrote to memory of 1144	1760	rundll32.exe	28
PID 1760 wrote to memory of 1144	1760	rundll32.exe	28
PID 1144 wrote to memory of 2752	1144	rundll32.exe	29
PID 1144 wrote to memory of 2752	1144	rundll32.exe	29
PID 1144 wrote to memory of 2752	1144	rundll32.exe	29
PID 1144 wrote to memory of 2752	1144	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3b54355714e41d6c94d59391a984890_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3b54355714e41d6c94d59391a984890_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 220
    3⤵
    - Program crash
    PID:2752