ffccff02ea3f36b641a798813ae516921e54b8dc9a0b97bf69f92ba7472356ce

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 06:48

Target

9b0de394f2e6c98b8b4871bd2761e7a0_NeikiAnalytics.dll
Size

91KB
MD5

9b0de394f2e6c98b8b4871bd2761e7a0
SHA1

ce5cf7bd9dd7d8ca5a72c4e992af14ae22844ea1
SHA256

ffccff02ea3f36b641a798813ae516921e54b8dc9a0b97bf69f92ba7472356ce
SHA512

14a90b3baeff18a59462c9666e525c5895428c561ee8de0178a64b55571e55b82a7aacd54f26a6c75ff1176a16eb7d36dc1f352bc16ab87198482e36323a53ec
SSDEEP

1536:iZ/miOOvXLg2+FsqKuLLwGHoz0Vd2uIz0zEHvBQYnXWEtLi+1MAeb1CcgDO3GWzX:3irvXLp+FsqKobG0l7L1RgDO3GWz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2952	2956	rundll32.exe	28
PID 2956 wrote to memory of 2952	2956	rundll32.exe	28
PID 2956 wrote to memory of 2952	2956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b0de394f2e6c98b8b4871bd2761e7a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2956 -s 80
  2⤵
  PID:2952