Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26-05-2024 05:02
General
-
Target
6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll
-
Size
38KB
-
MD5
6c0efd9f6707c658629ccdb877c64bb0
-
SHA1
e3720a0fa2416bcb3a86a2b04e121a5c18809e2a
-
SHA256
6aa85870d103c277bff8d458cc38a5be566b6dfc26f83bb69c5850572374a8d9
-
SHA512
8de845bc790b0be6d6f1b6e9bb23e07d4fe5ecf22dc390eb65c78be2f23919ed83b5fc122487f578e0726468dc6b2ca38ac9dccbda6ea1b52045db28eaa15fba
-
SSDEEP
768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7qsXU76m2smIVV:WD8w22laSR0V+3CJrVNXczJm
Score
10/10
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Drops file in System32 directory 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll,#12⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 6083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 60 -ip 601⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/60-1-0x0000000010000000-0x000000001000D000-memory.dmpFilesize
52KB