629a6d5b1218bb3a01413b0ce15e887b5964c5b1656056f6b87e468c3b681036

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 07:15

Target

629a6d5b1218bb3a01413b0ce15e887b5964c5b1656056f6b87e468c3b681036_NeikiAnalytics.dll
Size

160KB
MD5

599ebcf6f701038273edf29946e4c910
SHA1

df80be6cc6b29cd3b10082e7619eb2d0484b347f
SHA256

629a6d5b1218bb3a01413b0ce15e887b5964c5b1656056f6b87e468c3b681036
SHA512

c44c86110424d3736399daf439c5680f9b67e4b228efaffaf0c8481fa34b9a5a7cf77e10670c5de501224767c1748398a23506bd8db111fcf522994008756724
SSDEEP

3072:gMAlhDScGgKqqrccIPaldpZOWCFheHzS7whb1cVeojlesjv:8fDiWqO9o9KemeK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2084	2392	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2392	2244	rundll32.exe	28
PID 2244 wrote to memory of 2392	2244	rundll32.exe	28
PID 2244 wrote to memory of 2392	2244	rundll32.exe	28
PID 2244 wrote to memory of 2392	2244	rundll32.exe	28
PID 2244 wrote to memory of 2392	2244	rundll32.exe	28
PID 2244 wrote to memory of 2392	2244	rundll32.exe	28
PID 2244 wrote to memory of 2392	2244	rundll32.exe	28
PID 2392 wrote to memory of 2084	2392	rundll32.exe	29
PID 2392 wrote to memory of 2084	2392	rundll32.exe	29
PID 2392 wrote to memory of 2084	2392	rundll32.exe	29
PID 2392 wrote to memory of 2084	2392	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\629a6d5b1218bb3a01413b0ce15e887b5964c5b1656056f6b87e468c3b681036_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\629a6d5b1218bb3a01413b0ce15e887b5964c5b1656056f6b87e468c3b681036_NeikiAnalytics.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 224
    3⤵
    - Program crash
    PID:2084