fd5ab701cb78cfde475a5265ccc2019eb6cf107e9728934bf546ded031f3facd

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 17:59

Target

071fe5a38335e876bb295ab2f007eb50_NeikiAnalytics.dll
Size

5.0MB
MD5

071fe5a38335e876bb295ab2f007eb50
SHA1

a3f943f4506d2447cc9cd7d8d88f101e76a922f8
SHA256

fd5ab701cb78cfde475a5265ccc2019eb6cf107e9728934bf546ded031f3facd
SHA512

1ff969e135aa19bd8e5a6e3f428cc9ef5e029f9d3eff306db2db8b410fe7f74176812f19426cc67f3c4c50aeaddaad8aade52bdc5e0375a7ae8b8f93ebaf11b0
SSDEEP

49152:pnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAA:9DqPoBhz1aRxcSUDk36SA

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

mssecsvc.exe

pid process

2516 mssecsvc.exe
Drops file in Windows directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\WINDOWS\mssecsvc.exe rundll32.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

688 2516 WerFault.exe mssecsvc.exe

pid	process
2516	mssecsvc.exe

description	ioc	process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe

pid	pid_target	process	target process
688	2516	WerFault.exe	mssecsvc.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 4356 wrote to memory of 3508	4356	rundll32.exe	rundll32.exe
PID 4356 wrote to memory of 3508	4356	rundll32.exe	rundll32.exe
PID 4356 wrote to memory of 3508	4356	rundll32.exe	rundll32.exe
PID 3508 wrote to memory of 2516	3508	rundll32.exe	mssecsvc.exe
PID 3508 wrote to memory of 2516	3508	rundll32.exe	mssecsvc.exe
PID 3508 wrote to memory of 2516	3508	rundll32.exe	mssecsvc.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\071fe5a38335e876bb295ab2f007eb50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4356

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe
3⤵
- Executes dropped EXE
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 272
4⤵
- Program crash
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2516 -ip 2516
1⤵
PID:1140

C:\Windows\mssecsvc.exe
Filesize
3.6MB

MD5
5ff5116e856c6a3f16f562c4dbd890d7

SHA1
7064ff9cf384d4555b2e69a8137b5075c9b774c3

SHA256
4a6ba74b0c0db6f07800bfad1c9ad28891909c991935c2d98287057569712054

SHA512
d4e9813fa0438a7247080736acd63b6b5292fbecec2ada2b595a2f2700955d9f77b61927893895f55710731df7f12d83443b23df07f86cf8c5481d8fde4cad43

Download Submit
memory/2516-4-0x0000000000400000-0x0000000000A70000-memory.dmp

Filesize
6.4MB

Download
memory/2516-5-0x0000000000400000-0x0000000000A70000-memory.dmp

Filesize
6.4MB

Download