551cbf31fcf9032e1e23d5c7d094b24e0a8a70c887746d5f1e71400a0b0636d0

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 23:10

Target

6c644cda1ba1ea06a74ebc99ba68ca20_NeikiAnalytics.dll
Size

132KB
MD5

6c644cda1ba1ea06a74ebc99ba68ca20
SHA1

a16a0dd3f1c4e66058d55f731c3e3563a02a9ef5
SHA256

551cbf31fcf9032e1e23d5c7d094b24e0a8a70c887746d5f1e71400a0b0636d0
SHA512

5a524c20b394b59ffcef3199614efc722067edcac8bad84af35a3f22ef7c86c6507dc0063e9b21ce15ed0c85952c7e16d94bda04136f4f324fa368fcfe7df9c1
SSDEEP

1536:8FBLUo8M/QPYC0B99gbNhugMS5i1bUiIfD027X2HZ5Jev04sWusd09dlYcbcuu6b:wGo8MYmB99SrtM0ieiG027qM8mMu0cu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2992	2848	rundll32.exe	28
PID 2848 wrote to memory of 2992	2848	rundll32.exe	28
PID 2848 wrote to memory of 2992	2848	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c644cda1ba1ea06a74ebc99ba68ca20_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2848 -s 72
  2⤵
  PID:2992