Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 26-05-2024 06:17
Behavioral task
- Task: behavioral1
- Sample: 7ab6655bf36121af49a0618e6325e8f0_NeikiAnalytics.dll
- Resource: win7-20240419-en
- 3 signatures
- 150 seconds
General
- Target: 7ab6655bf36121af49a0618e6325e8f0_NeikiAnalytics.dll
- Size: 38KB
- MD5: 7ab6655bf36121af49a0618e6325e8f0
- SHA1: fbbcdb73fb347dde29409c4e1f9e4c090dcea637
- SHA256: ae3f2a38a2af4c0e601c423a5bb4d82612cdf5cdf17e0a429f516dff9e20cbbd
- SHA512: 5a8b71dbd99820e28e6b684e0cdf9f8e0825f9f5730bb1edc7149bb868ab1fec62dc374a151c99c86a3eaec91c79dc9893e9cbb59a0e53e2e4cd3621d6c42ba3
- SSDEEP: 768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV72IXU76m2syhVV:WD8w22laSR0V+3CJrVpXczJy
Malware Config
Signatures
- Drops file in System32 directory (1 IoCs)
  Processes: rundll32.exe
  description: File created
  ioc: C:\Windows\SysWOW64\dmlconf.dat
  process: rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description: PID 1992 wrote to memory of 3020 (7 identical entries)
  pid: 1992
  process: rundll32.exe
  target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ab6655bf36121af49a0618e6325e8f0_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ab6655bf36121af49a0618e6325e8f0_NeikiAnalytics.dll,#1
  - Drops file in System32 directory