Analysis
max time kernel: 129s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-05-2024 11:19
Behavioral task: behavioral1
Sample: 75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll
Resource: win10v2004-20240508-en
2 signatures
150 seconds
General
Target: 75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll
Size: 74KB
MD5: 75a7026211c9ab06cea268c68c017140
SHA1: 6e31fefb734131b3aac09296aa5e9a167d1cc649
SHA256: 05c78202b39b75f60077ceae38314f03019f1f4883bf60d9da4b78535afe9726
SHA512: c20a57948cd74edc6d24986118d8f4f55233dca18e38e2cba310926d1def83ded8b017ecbfc77dcfffeb92f876d708355a3b1f6b46d4a3348bb8fc4a9a0b2831
SSDEEP: 1536:QZZZZZZZZZZZZpXzzzzzzzzzzzziMgDSctY8w3iQjFruiMAKXRtMqqU+2bbbAV2L:xTntqSQRruiMvTMqqDL2/Awvd
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
4760   2952          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                         pid    process         target process
PID 2428 wrote to memory of 2952    2428   rundll32.exe    rundll32.exe
PID 2428 wrote to memory of 2952    2428   rundll32.exe    rundll32.exe
PID 2428 wrote to memory of 2952    2428   rundll32.exe    rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (PID: 2428)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 2952)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\75a7026211c9ab06cea268c68c017140_NeikiAnalytics.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID: 4760)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 624
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID: 4784)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2952 -ip 2952