9b5880238170cf8db95543f7a7421256253518bcc6747e8586516c467fd186c6

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 04:42

Target

2e6b2d247886928c1a5309f3f0e5de00_NeikiAnalytics.dll
Size

2.2MB
MD5

2e6b2d247886928c1a5309f3f0e5de00
SHA1

3ebd6862c48e474ce77fd63f01882dce1aa87b88
SHA256

9b5880238170cf8db95543f7a7421256253518bcc6747e8586516c467fd186c6
SHA512

b55995be465a0d1aa65e3cf2a1a491e10caca483f400a744b84bb74b69f9e9807a1b3bf03b237ec7555475a0aabdce060df91df202ce5969b0d271d38ddaecaa
SSDEEP

49152:PNllTDgxCvWt0vrn+2sHxtbWOmOIYjLtap/j:flng8+crDwmOxjS/j

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1744	652	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 652	1036	rundll32.exe	81
PID 1036 wrote to memory of 652	1036	rundll32.exe	81
PID 1036 wrote to memory of 652	1036	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e6b2d247886928c1a5309f3f0e5de00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e6b2d247886928c1a5309f3f0e5de00_NeikiAnalytics.dll,#1
  2⤵
  PID:652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 560
    3⤵
    - Program crash
    PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 652 -ip 652
1⤵
PID:3380