Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 25/05/2024, 01:10
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
e6b4d2c7bd9bb11dcca90c095642f100_NeikiAnalytics.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
e6b4d2c7bd9bb11dcca90c095642f100_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
-
Target
e6b4d2c7bd9bb11dcca90c095642f100_NeikiAnalytics.dll
-
Size
143KB
-
MD5
e6b4d2c7bd9bb11dcca90c095642f100
-
SHA1
718f2c8178ebad4b18d9e8d1552721d50ad087a8
-
SHA256
d96a1638beb77c9099c36aceb5a03b4f530ee130292c6c58419337120ecd2d04
-
SHA512
b3158ab898714b9ed3f8284c6d54830f9c5082334d1fb747ba2d850f61fc1c19ebd13def4b73ab591379b90b628b269a88184335fc92aa7c6117a76d0d65c5d7
-
SSDEEP
3072:Mm4AppEsL9psXmZ0AaddndNdYdqs0dOx9EDLdQtFO71EpuWuS71Ea+B5p0:Mm4AppESUddndNdYdT0dO8KaBERBEzF
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2272 wrote to memory of 1544 | 2272 | rundll32.exe | 28
PID 2272 wrote to memory of 1544 | 2272 | rundll32.exe | 28
PID 2272 wrote to memory of 1544 | 2272 | rundll32.exe | 28
PID 2272 wrote to memory of 1544 | 2272 | rundll32.exe | 28
PID 2272 wrote to memory of 1544 | 2272 | rundll32.exe | 28
PID 2272 wrote to memory of 1544 | 2272 | rundll32.exe | 28
PID 2272 wrote to memory of 1544 | 2272 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6b4d2c7bd9bb11dcca90c095642f100_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2272
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6b4d2c7bd9bb11dcca90c095642f100_NeikiAnalytics.dll,#12⤵
PID:1544
-