Analysis
max time kernel: 119s
max time network: 132s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 25-05-2024 14:00
Behavioral task: behavioral1
Sample: 11324f2ad46c27faba16aca96f4aba50_NeikiAnalytics.dll
Resource: win7-20240508-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 11324f2ad46c27faba16aca96f4aba50_NeikiAnalytics.dll
Resource: win10v2004-20240226-en
5 signatures
150 seconds
General
Target: 11324f2ad46c27faba16aca96f4aba50_NeikiAnalytics.dll
Size: 76KB
MD5: 11324f2ad46c27faba16aca96f4aba50
SHA1: 23f4301e90a69222ca4db2416b5e83b37cfa436a
SHA256: 9d9eff6b06b3056d84e8ecd9272c7172fcce3bcdd7b8cb0bfea6df7572da65a0
SHA512: 182b63e9fdf612367e1a1f004731c07b51f048d7f66a35020fddc9722864b6c5e8f8a3f462de17b924ae6cb39c3ebb1b2ed752a7ce621c46add71b82b86537c8
SSDEEP: 1536:BZZZZZZZZZZZZJOEDlwYSMQsGHxg0TS+XKaeMqqU+2bbbAV2/S2TrKUD:zlZHQsozTS+neMqqDL2/TrK
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid    pid_target    process         target process
2024   1704          WerFault.exe    rundll32.exe
Suspicious use of WriteProcessMemory 11 IoCs
Processes: rundll32.exe, rundll32.exe
description                         pid    process         target process
PID 2052 wrote to memory of 1704    2052   rundll32.exe    rundll32.exe
PID 2052 wrote to memory of 1704    2052   rundll32.exe    rundll32.exe
PID 2052 wrote to memory of 1704    2052   rundll32.exe    rundll32.exe
PID 2052 wrote to memory of 1704    2052   rundll32.exe    rundll32.exe
PID 2052 wrote to memory of 1704    2052   rundll32.exe    rundll32.exe
PID 2052 wrote to memory of 1704    2052   rundll32.exe    rundll32.exe
PID 2052 wrote to memory of 1704    2052   rundll32.exe    rundll32.exe
PID 1704 wrote to memory of 2024    1704   rundll32.exe    WerFault.exe
PID 1704 wrote to memory of 2024    1704   rundll32.exe    WerFault.exe
PID 1704 wrote to memory of 2024    1704   rundll32.exe    WerFault.exe
PID 1704 wrote to memory of 2024    1704   rundll32.exe    WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\11324f2ad46c27faba16aca96f4aba50_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
PID:2052
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\11324f2ad46c27faba16aca96f4aba50_NeikiAnalytics.dll,#1
    - Suspicious use of WriteProcessMemory
    PID:1704
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 228
        - Program crash
        PID:2024