Overview

overview

3

Static

static

3

d48d467793...cs.dll

windows7-x64

1

d48d467793...cs.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 13:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d48d467793a629b1fc6a7af1b3399e70_NeikiAnalytics.dll

  • Size

    2.1MB

  • MD5

    d48d467793a629b1fc6a7af1b3399e70

  • SHA1

    e3b1575dcbadeceaa2363f4d51c9b46f97ab23c4

  • SHA256

    4c970f3fb267d0155c2dceb545ec4b0f52194ec773fa33cffd6295fb3bed4479

  • SHA512

    eb142fc1ad9beecddac534f7e746489fc47a533a0d4ced9c448e0a7a8c54c7ac270a18fa565ed459d0f777131cefafd297b4d75a64b356133fc8602dab8019a2

  • SSDEEP

    49152:l28rERtJFF4ogoe+9gdxK5f3FZISmvHm/BGzXLrM5:TrEbFZgoT9ge5fnISgm5uLrM5

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d48d467793a629b1fc6a7af1b3399e70_NeikiAnalytics.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d48d467793a629b1fc6a7af1b3399e70_NeikiAnalytics.dll,#1
      2⤵
        PID:2972

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2972-0-0x0000000000DB0000-0x0000000000DB6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/2972-1-0x0000000010000000-0x0000000010218000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/2972-3-0x0000000002B60000-0x0000000002C6F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2972-4-0x0000000002C70000-0x0000000002D65000-memory.dmp

            Filesize

            980KB

            Download

          • memory/2972-5-0x0000000002C70000-0x0000000002D65000-memory.dmp

            Filesize

            980KB

            Download

          • memory/2972-7-0x0000000002C70000-0x0000000002D65000-memory.dmp

            Filesize

            980KB

            Download

          • memory/2972-8-0x0000000002C70000-0x0000000002D65000-memory.dmp

            Filesize

            980KB

            Download

          • memory/2972-9-0x0000000002D70000-0x0000000004025000-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/2972-10-0x0000000004030000-0x0000000004114000-memory.dmp

            Filesize

            912KB

            Download

          • memory/2972-11-0x0000000004120000-0x0000000004203000-memory.dmp

            Filesize

            908KB

            Download

          • memory/2972-12-0x0000000004120000-0x0000000004203000-memory.dmp

            Filesize

            908KB

            Download

          • memory/2972-14-0x0000000004120000-0x0000000004203000-memory.dmp

            Filesize

            908KB

            Download

          • memory/2972-15-0x0000000000C50000-0x0000000000C52000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2972-16-0x0000000029F80000-0x0000000029F84000-memory.dmp

            Filesize

            16KB

            Download