Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14-05-2024 20:41

General

  • Target

    2281d20981212bbbcb298048288c2650_NeikiAnalytics.dll

  • Size

    618KB

  • MD5

    2281d20981212bbbcb298048288c2650

  • SHA1

    7256f119aa0aefdbf3aa29b1071d8202148da963

  • SHA256

    281a1f1850386820c6423b51ecd77096cd92013f3c6a3d2bf725d3c181eaa418

  • SHA512

    81316b8a096c146bfe3895042837d4984baaf512c0a5142f54e0b900402c723b30cab19b2e118c8f2b625d836bbb859ad0cb2ce4c712d9bce96001548463378d

  • SSDEEP

    6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY5:o6RI1Fo/wT3cJYYYYYYYYYYYY5

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2281d20981212bbbcb298048288c2650_NeikiAnalytics.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2281d20981212bbbcb298048288c2650_NeikiAnalytics.dll,#1
      2⤵
        PID:2140

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads