Analysis
-
max time kernel
129s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25-05-2024 07:03
General
-
Target
b2e1711b5795edc67eba9277668ef100_NeikiAnalytics.dll
-
Size
38KB
-
MD5
b2e1711b5795edc67eba9277668ef100
-
SHA1
8e29be8874551865b9f622843a745594ea129ef9
-
SHA256
3c5552d7a64839d791442bfdf6ec97d4adc81513596f4685739874f7738a5ffa
-
SHA512
268691ab24473a029d49b94c4117f457122b4b67cfaebd48d4211468a5f3477f7279b1788940ff8b280d99da4a4898fc3d163b75507b4e30c94420ffa5d5d355
-
SSDEEP
768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7WIXUq6m2sQqVV:WD8w22laSR0V+3CJrVtXtzJQ
Score
10/10
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Drops file in System32 directory 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2e1711b5795edc67eba9277668ef100_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2e1711b5795edc67eba9277668ef100_NeikiAnalytics.dll,#12⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 6043⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4616 -ip 46161⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB