Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
15-05-2024 07:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9f824951b4caa6716b274fca1a2fb9b0_NeikiAnalytics.dll
Resource
win7-20240419-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
9f824951b4caa6716b274fca1a2fb9b0_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
9f824951b4caa6716b274fca1a2fb9b0_NeikiAnalytics.dll
-
Size
81KB
-
MD5
9f824951b4caa6716b274fca1a2fb9b0
-
SHA1
075b7215b5a1590f881d91390c5967c32cd5e48d
-
SHA256
e008eca0ab0121b2c67aa2ee56fe98c21850ec78008f80ee4926b817ae713fa0
-
SHA512
9c01719ac4e55d995e663ea00d9dc4668d569fa21d5501e175c07b054c7b7b98b916198302db9db2bbc1d6c49b95b1f04ad97a5b220d6c6fd6515e41c6ae81da
-
SSDEEP
1536:LtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wd:L4v4JKXTx71w0ArSsXF3enq8Wd
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 3008 wrote to memory of 3024 | 3008 | rundll32.exe | 28
PID 3008 wrote to memory of 3024 | 3008 | rundll32.exe | 28
PID 3008 wrote to memory of 3024 | 3008 | rundll32.exe | 28
PID 3008 wrote to memory of 3024 | 3008 | rundll32.exe | 28
PID 3008 wrote to memory of 3024 | 3008 | rundll32.exe | 28
PID 3008 wrote to memory of 3024 | 3008 | rundll32.exe | 28
PID 3008 wrote to memory of 3024 | 3008 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f824951b4caa6716b274fca1a2fb9b0_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f824951b4caa6716b274fca1a2fb9b0_NeikiAnalytics.dll,#1
PID:3024
-