59b57840509b46cef835fce3c7c8bce2df7e5611cd17b2681a2da94badde3c20

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 19:29

Target

07ee11ce0ee5d362fce109840ec0ef80_NeikiAnalytics.dll
Size

553KB
MD5

07ee11ce0ee5d362fce109840ec0ef80
SHA1

481f3e39a14dcc01f0f08d5050674faa201dda4f
SHA256

59b57840509b46cef835fce3c7c8bce2df7e5611cd17b2681a2da94badde3c20
SHA512

126f16ecc281fa236570ba156a83cfd0d06d9d9a0b088afc0c4c1ee93c02a8602b766d90de5a79b1fcb6db30c1b9e66d839f4f558698826c6fd82c8478a79e17
SSDEEP

6144:dzHUOkvi+1y5WzAsMH3dZXgKNCBl5Qems9o:dzHWit5rzjN0l5Fms+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1500 wrote to memory of 2276	1500	rundll32.exe	WerFault.exe
PID 1500 wrote to memory of 2276	1500	rundll32.exe	WerFault.exe
PID 1500 wrote to memory of 2276	1500	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07ee11ce0ee5d362fce109840ec0ef80_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1500 -s 168
2⤵
PID:2276