Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 02:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
150dc4587f275087f66586335b3f1770_NeikiAnalytics.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
150dc4587f275087f66586335b3f1770_NeikiAnalytics.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
150dc4587f275087f66586335b3f1770_NeikiAnalytics.dll
-
Size
5KB
-
MD5
150dc4587f275087f66586335b3f1770
-
SHA1
1d91c64ae0e55d464187deadbb8a6285f2aa6b47
-
SHA256
30ce5196419c5d7dc149ce9e149e95f43b39d5db1907dbc7c3d3952f8d0f5849
-
SHA512
7ad07c03233477f446389d035b85110d7aa5db06427eacdce69a64dd0ec0073855cb23533d0b6df37b4515e211086839d5938ebdb2273610fea21f67c837f199
-
SSDEEP
48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqCsUll6rE4t18mU5ei564GRwctJH9Y21RVP:hy859x0P8Ma8nWE4Me34etN9jVZgr
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2012 wrote to memory of 1752 | 2012 | rundll32.exe | rundll32.exe
PID 2012 wrote to memory of 1752 | 2012 | rundll32.exe | rundll32.exe
PID 2012 wrote to memory of 1752 | 2012 | rundll32.exe | rundll32.exe
PID 2012 wrote to memory of 1752 | 2012 | rundll32.exe | rundll32.exe
PID 2012 wrote to memory of 1752 | 2012 | rundll32.exe | rundll32.exe
PID 2012 wrote to memory of 1752 | 2012 | rundll32.exe | rundll32.exe
PID 2012 wrote to memory of 1752 | 2012 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\150dc4587f275087f66586335b3f1770_NeikiAnalytics.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\150dc4587f275087f66586335b3f1770_NeikiAnalytics.dll,#12