87b6d7c2e0732f2c33a99bf59c3fed68f1f15b9640b487098a13c1d603ccbf74

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:11

Target

1429038923563a63e7d29d7ee49c7000_NeikiAnalytics.dll
Size

275KB
MD5

1429038923563a63e7d29d7ee49c7000
SHA1

a4cee6cba921165c2dc34c0102f38f266423e0d8
SHA256

87b6d7c2e0732f2c33a99bf59c3fed68f1f15b9640b487098a13c1d603ccbf74
SHA512

9886dac600195b07f1165494635256b5adbf307773808e699bd3a1debea62b2a4cf170876ff8ec6a828970a9d8b0b7405deb30f5704543f7fb7bb0061db146a3
SSDEEP

6144:gOFc6dXpqTHkxZTmi2boph0lhSMXlBXBW/XL:gydXpqT6L8oph0lhSMXleX

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4804 3396 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4804	3396	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5044 wrote to memory of 3396	5044	rundll32.exe	rundll32.exe
PID 5044 wrote to memory of 3396	5044	rundll32.exe	rundll32.exe
PID 5044 wrote to memory of 3396	5044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1429038923563a63e7d29d7ee49c7000_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1429038923563a63e7d29d7ee49c7000_NeikiAnalytics.dll,#1
2⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 604
3⤵
- Program crash
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3396 -ip 3396
1⤵
PID:1144