Analysis
max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
25-05-2024 11:19
Behavioral task
behavioral1
Sample
75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
Target
75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll
Size
74KB
MD5
75a7026211c9ab06cea268c68c017140
SHA1
6e31fefb734131b3aac09296aa5e9a167d1cc649
SHA256
05c78202b39b75f60077ceae38314f03019f1f4883bf60d9da4b78535afe9726
SHA512
c20a57948cd74edc6d24986118d8f4f55233dca18e38e2cba310926d1def83ded8b017ecbfc77dcfffeb92f876d708355a3b1f6b46d4a3348bb8fc4a9a0b2831
SSDEEP
1536:QZZZZZZZZZZZZpXzzzzzzzzzzzziMgDSctY8w3iQjFruiMAKXRtMqqU+2bbbAV2L:xTntqSQRruiMvTMqqDL2/Awvd
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
2144   612           WerFault.exe    rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
Processes: rundll32.exe, rundll32.exe
description                        pid    process         target process
PID 2076 wrote to memory of 612    2076   rundll32.exe    rundll32.exe
PID 2076 wrote to memory of 612    2076   rundll32.exe    rundll32.exe
PID 2076 wrote to memory of 612    2076   rundll32.exe    rundll32.exe
PID 2076 wrote to memory of 612    2076   rundll32.exe    rundll32.exe
PID 2076 wrote to memory of 612    2076   rundll32.exe    rundll32.exe
PID 2076 wrote to memory of 612    2076   rundll32.exe    rundll32.exe
PID 2076 wrote to memory of 612    2076   rundll32.exe    rundll32.exe
PID 612 wrote to memory of 2144    612    rundll32.exe    WerFault.exe
PID 612 wrote to memory of 2144    612    rundll32.exe    WerFault.exe
PID 612 wrote to memory of 2144    612    rundll32.exe    WerFault.exe
PID 612 wrote to memory of 2144    612    rundll32.exe    WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
PID:2076
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll,#1
    - Suspicious use of WriteProcessMemory
    PID:612
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 232
        - Program crash
        PID:2144