Analysis

  max time kernel:   118s
  max time network:  120s
  platform:          windows7_x64
  resource:          win7-20231129-en
  resource tags:     arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  submitted:         25-05-2024 11:28

Behavioral task: behavioral1
  Sample:    dd487124d0350a64d4437e4c5cd67630_NeikiAnalytics.dll
  Resource:  win7-20231129-en
  3 signatures, 150 seconds
General

  Target:  dd487124d0350a64d4437e4c5cd67630_NeikiAnalytics.dll
  Size:    68KB
  MD5:     dd487124d0350a64d4437e4c5cd67630
  SHA1:    9748f92ad1ee609de8cc554b0a49bb9e1c928ffc
  SHA256:  3f11b1baea4d963b84619414c42c0bb1b78453bd18660bfe59e77893434c6223
  SHA512:  65760988f027bb0515bae118469413bec99d2b21b7850b45944ef9af50d2f3164a513a0c35b973b8b5967dcfa824c89a50e10a7df23a23e397afa8e3ae2cad28
  SSDEEP:  1536:MLNd/Pk7btaoX7DypKr0wN9YIUSS9erBml0iZs3m:GNhY5aora80m9YI74lXs3
Malware Config

  (no configuration extracted)

Signatures

- Drops startup file (1 IoC)
  Processes: rundll32.exe

    description                  | ioc                                                                                              | process
    File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvoyqths.exe        | rundll32.exe

- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

    description                      | pid  | process      | target process
    PID 3060 wrote to memory of 2212 | 3060 | rundll32.exe | rundll32.exe
    (this identical entry is recorded 7 times in the report)
Processes

- C:\Windows\system32\rundll32.exe  (process tree depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd487124d0350a64d4437e4c5cd67630_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory

  - C:\Windows\SysWOW64\rundll32.exe  (process tree depth 2, child of the rundll32.exe above)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd487124d0350a64d4437e4c5cd67630_NeikiAnalytics.dll,#1
    - Drops startup file