f3da0a172f71578d479a7b64e2a786efeb3b92d1711a7757284d34c36e358b9b

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 10:05

Target

c1f4812c3fa355e2aa0fe7b6f8e173b0_NeikiAnalytics.dll
Size

20KB
MD5

c1f4812c3fa355e2aa0fe7b6f8e173b0
SHA1

bbaa3434674fa34c29d68e6554190d8c0e000cb2
SHA256

f3da0a172f71578d479a7b64e2a786efeb3b92d1711a7757284d34c36e358b9b
SHA512

545ae89f7cbfa8fe691164f62e4df87562fad674c126efa51e8524ad9cc9225be4f2ac1a3cc7aaf414de546514c45cfb4b4d4e1a1ce263793716000c0a7c3500
SSDEEP

384:IP8qOHNYN4yhKvGeaSKrPIFsT6wcJCwdNFg5XhCm/RA:IP8Du4xHaSd0JVYNFg5MKi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1984	1992	rundll32.exe	28
PID 1992 wrote to memory of 1984	1992	rundll32.exe	28
PID 1992 wrote to memory of 1984	1992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1f4812c3fa355e2aa0fe7b6f8e173b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1992 -s 80
  2⤵
  PID:1984

memory/1992-0-0x000007FEFAED0000-0x000007FEFAEDD000-memory.dmp

Filesize
52KB

Download