Analysis
max time kernel: 122s
max time network: 129s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 25/05/2024, 03:03
Static task: static1
Behavioral task: behavioral1
Sample: 1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll
Resource: win7-20240221-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll
Resource: win10v2004-20240508-en
1 signatures
150 seconds
General
Target: 1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll
Size: 2.0MB
MD5: 1bc51fce95f4cb3a644d1d3a71ba9310
SHA1: f6e5178d52e9d6a396a8c9094cdc3a66410880b4
SHA256: 082c2db178f25c2715a4ef21ce1d09f6dd106257476f6b5645b2cddbee0d69e2
SHA512: a700a505137f48dfcc52f92c482f5e5906383647b3c416c9b8cde1faabb4f551762972900bac80a6a2e10d85736d70378183e4985bb89c58f9dc3e1604f3e247
SSDEEP: 49152:SE/4nJpHABvG0hM1RPFh5ksHQNU8EJq3RtdBi1:HEeURPFhasHQNU8EJqhrBK
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description  pid  Process  procid_target
PID 1224 wrote to memory of 2612  1224  rundll32.exe  28
PID 1224 wrote to memory of 2612  1224  rundll32.exe  28
PID 1224 wrote to memory of 2612  1224  rundll32.exe  28
PID 1224 wrote to memory of 2612  1224  rundll32.exe  28
PID 1224 wrote to memory of 2612  1224  rundll32.exe  28
PID 1224 wrote to memory of 2612  1224  rundll32.exe  28
PID 1224 wrote to memory of 2612  1224  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1224
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc51fce95f4cb3a644d1d3a71ba9310_NeikiAnalytics.dll,#12⤵
PID:2612