bc56c63339c376e8404a90fa2e3e4dea079521fbebf43fdc5ed9881e62f84747

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 22:40

Target

2cc5b2989e771dc6efd530fd840bd6d0_NeikiAnalytics.dll
Size

8KB
MD5

2cc5b2989e771dc6efd530fd840bd6d0
SHA1

9d5bb7b3b5c660b0f12d8b2c1671a3bc0502444d
SHA256

bc56c63339c376e8404a90fa2e3e4dea079521fbebf43fdc5ed9881e62f84747
SHA512

1118481d911e7f2cbf84a2927abd6b7275d83dfff3f2cf742570e5175774909bf166cc180f17e5dcd1f1ca5baaef75d959852eae58424170cae53b346568540e
SSDEEP

192:0LTQup2U25vGK6RBWW3N65QOi3Br3wWVq9dd0Lv9WZJ:0gK2UrK6RQJqN3uW0zd0LVm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3248	4756	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 4756	1332	rundll32.exe	82
PID 1332 wrote to memory of 4756	1332	rundll32.exe	82
PID 1332 wrote to memory of 4756	1332	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc5b2989e771dc6efd530fd840bd6d0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc5b2989e771dc6efd530fd840bd6d0_NeikiAnalytics.dll,#1
  2⤵
  PID:4756
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 544
    3⤵
    - Program crash
    PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4756 -ip 4756
1⤵
PID:4296