Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 23-05-2024 01:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
72043c59a257f0df6a0b4181074724b0_NeikiAnalytics.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
72043c59a257f0df6a0b4181074724b0_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 72043c59a257f0df6a0b4181074724b0_NeikiAnalytics.dll
Size: 81KB
MD5: 72043c59a257f0df6a0b4181074724b0
SHA1: 77dc642f4d89e9e067083de826f294cc420b6f69
SHA256: 271386cb4dbae608d4c92abcba50502fa2a8a0aadbd13933ef82a0fa24420a16
SHA512: e1aaa1da383912e233e09ca329a586a569100df12efb0dd2e519304c06decd80523bae3ba657a496e20855bb093a468a76ce969b4c636ea6b53d4c1b981ba79b
SSDEEP: 1536:0tByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WX:04v4JKXTx71w0ArSsXF3enq8WX
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1136 wrote to memory of 2248 | 1136 | rundll32.exe | rundll32.exe
PID 1136 wrote to memory of 2248 | 1136 | rundll32.exe | rundll32.exe
PID 1136 wrote to memory of 2248 | 1136 | rundll32.exe | rundll32.exe
PID 1136 wrote to memory of 2248 | 1136 | rundll32.exe | rundll32.exe
PID 1136 wrote to memory of 2248 | 1136 | rundll32.exe | rundll32.exe
PID 1136 wrote to memory of 2248 | 1136 | rundll32.exe | rundll32.exe
PID 1136 wrote to memory of 2248 | 1136 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\72043c59a257f0df6a0b4181074724b0_NeikiAnalytics.dll,#11
- Suspicious use of WriteProcessMemory
PID:1136
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\72043c59a257f0df6a0b4181074724b0_NeikiAnalytics.dll,#12
PID:2248