Analysis
max time kernel: 117s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26-05-2024 05:02
Behavioral task: behavioral1
Sample: 6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll
Resource: win7-20240221-en
3 signatures
150 seconds
General
Target: 6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll
Size: 38KB
MD5: 6c0efd9f6707c658629ccdb877c64bb0
SHA1: e3720a0fa2416bcb3a86a2b04e121a5c18809e2a
SHA256: 6aa85870d103c277bff8d458cc38a5be566b6dfc26f83bb69c5850572374a8d9
SHA512: 8de845bc790b0be6d6f1b6e9bb23e07d4fe5ecf22dc390eb65c78be2f23919ed83b5fc122487f578e0726468dc6b2ca38ac9dccbda6ea1b52045db28eaa15fba
SSDEEP: 768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7qsXU76m2smIVV:WD8w22laSR0V+3CJrVNXczJm
Malware Config
Signatures

Drops file in System32 directory (1 IoCs)
Processes: rundll32.exe
description | ioc | process
File created | C:\Windows\SysWOW64\dmlconf.dat | rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2776 wrote to memory of 2344 | 2776 | rundll32.exe | rundll32.exe
PID 2776 wrote to memory of 2344 | 2776 | rundll32.exe | rundll32.exe
PID 2776 wrote to memory of 2344 | 2776 | rundll32.exe | rundll32.exe
PID 2776 wrote to memory of 2344 | 2776 | rundll32.exe | rundll32.exe
PID 2776 wrote to memory of 2344 | 2776 | rundll32.exe | rundll32.exe
PID 2776 wrote to memory of 2344 | 2776 | rundll32.exe | rundll32.exe
PID 2776 wrote to memory of 2344 | 2776 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll,#1
- Drops file in System32 directory