Analysis
max time kernel: 140s
max time network: 108s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 03:48
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 16dffdf178bcae05086d335765a45c70_NeikiAnalytics.dll
Resource: win7-20240221-en, windows7-x64
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 16dffdf178bcae05086d335765a45c70_NeikiAnalytics.dll
Resource: win10v2004-20240508-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 16dffdf178bcae05086d335765a45c70_NeikiAnalytics.dll
Size: 6KB
MD5: 16dffdf178bcae05086d335765a45c70
SHA1: a93628a2d2b6d362fb628a267783c9741e8e4f0c
SHA256: 1b6fd74954c0ff148ac3d49577834a4e8cdfe9d361b5af6c1e6d34290dd9a2f9
SHA512: 13d4a2162d32c333a864b05d76d97f6c7429705087050772adbae873de9710030f92d65f33a2b848a51cf5299a841a29ea507ee57ec901dfc6793139fe49c1a0
SSDEEP: 96:hy859x0P8MaW5qtkrGCiJsvKiGfqs1XRt:F5oLWXCi7R

Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 2700 wrote to memory of 3416   2700   rundll32.exe   rundll32.exe
PID 2700 wrote to memory of 3416   2700   rundll32.exe   rundll32.exe
PID 2700 wrote to memory of 3416   2700   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16dffdf178bcae05086d335765a45c70_NeikiAnalytics.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16dffdf178bcae05086d335765a45c70_NeikiAnalytics.dll,#12