e8ab1e8e48e21a3f095fe0c7cbb8ff1417cf65373edf35dd9ce7e013e815dc10

Analysis

max time kernel
90s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 02:58

Target

2f13e0996f94da48521d595664fa80a0_NeikiAnalytics.dll
Size

208KB
MD5

2f13e0996f94da48521d595664fa80a0
SHA1

e1c83ff230569d5daa909a7a898b28212dada881
SHA256

e8ab1e8e48e21a3f095fe0c7cbb8ff1417cf65373edf35dd9ce7e013e815dc10
SHA512

216b659f5700e51cafa9216ce8d4a9d6b501d06d7d42b8e1d3e2a7c45b43a5e669bc80dde5ebd871a81c74079944740c1bc8d217bd929930b222a1d8b22fd8c1
SSDEEP

3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUMVY5M:LIDff9D8C6XYRw6MT2DEjn

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3968 3996 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3968	3996	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1528 wrote to memory of 3996	1528	rundll32.exe	rundll32.exe
PID 1528 wrote to memory of 3996	1528	rundll32.exe	rundll32.exe
PID 1528 wrote to memory of 3996	1528	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f13e0996f94da48521d595664fa80a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f13e0996f94da48521d595664fa80a0_NeikiAnalytics.dll,#1
2⤵
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 632
3⤵
- Program crash
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3996 -ip 3996
1⤵
PID:2936