116be44f57b16095315f2a1abe2cbd86c6cb7008fe27968c57004e95607f3454

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 20:25

Target

116be44f57b16095315f2a1abe2cbd86c6cb7008fe27968c57004e95607f3454_NeikiAnalytics.dll
Size

1.7MB
MD5

7be263aa2f438495ba8475255a1f6da0
SHA1

69c406dc81744e0a1967ad9cc72b03aefa1b7782
SHA256

116be44f57b16095315f2a1abe2cbd86c6cb7008fe27968c57004e95607f3454
SHA512

886438e7c046b759fa9e1c7c5ec85aa511ca0758db985b92d414d3fdae65a96ce705383489aa11b1ee1850e1d053b424f58c78df34f30db4fa70e89df227cf00
SSDEEP

24576:OvyUabUcBdPN0NCnGLtaoxZk1oWfgJj2ODaHVPy+zFh0lhSMXl62DjHeczJEBfLf:OqJAhMoxZOoWoJj28QQoclNJEBfF8

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2044	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2412	2044	rundll32.exe	28
PID 2044 wrote to memory of 2412	2044	rundll32.exe	28
PID 2044 wrote to memory of 2412	2044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\116be44f57b16095315f2a1abe2cbd86c6cb7008fe27968c57004e95607f3454_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2044 -s 92
  2⤵
  PID:2412