47de0591526115e2d81ec02570433817138cac73e4242265c2f9e423fe629494

Analysis

max time kernel
131s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 03:51

Target

47de0591526115e2d81ec02570433817138cac73e4242265c2f9e423fe629494_NeikiAnalytics.dll
Size

2KB
MD5

3931b59c18d0603f749278ff8ea15560
SHA1

ea505465a1743e353e1ce2d673323f9b754fae05
SHA256

47de0591526115e2d81ec02570433817138cac73e4242265c2f9e423fe629494
SHA512

831e0b2ed733e7a9de9bdd7b246241deeea76f2277370b3ac0a721e1da6e29c953187f1883b43e341a45530982d0b5a3ce2ffc175687c447c24004e06b9ec0b4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5068	844	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 844	4640	rundll32.exe	82
PID 4640 wrote to memory of 844	4640	rundll32.exe	82
PID 4640 wrote to memory of 844	4640	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\47de0591526115e2d81ec02570433817138cac73e4242265c2f9e423fe629494_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\47de0591526115e2d81ec02570433817138cac73e4242265c2f9e423fe629494_NeikiAnalytics.dll,#1
  2⤵
  PID:844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 548
    3⤵
    - Program crash
    PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 844 -ip 844
1⤵
PID:2524

memory/844-0-0x0000000074D50000-0x0000000074D6C000-memory.dmp

Filesize
112KB

Download