Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26/05/2024, 10:43
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2a03e413ffdfbcbafb87c9c234e01c60_NeikiAnalytics.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2a03e413ffdfbcbafb87c9c234e01c60_NeikiAnalytics.dll
Resource
win10v2004-20240426-en
1 signatures
150 seconds
General
Target: 2a03e413ffdfbcbafb87c9c234e01c60_NeikiAnalytics.dll
Size: 3KB
MD5: 2a03e413ffdfbcbafb87c9c234e01c60
SHA1: 4a8572d835aff26836e479af2340a9ca4e9d2642
SHA256: 14e1dafc5651f37b8585f8499934c7b2b0d239ec9e15c89211f66748b006a15f
SHA512: 86f0cedb8243aac34815a746ed3f945bc765ba20f02a81d06dcc57034f728fd3a386b22d9407a4e61f692f7311a2480360a95f1a48aa7df9ed9b401487a31a5a
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1688 wrote to memory of 1976 | 1688 | rundll32.exe | 28
PID 1688 wrote to memory of 1976 | 1688 | rundll32.exe | 28
PID 1688 wrote to memory of 1976 | 1688 | rundll32.exe | 28
PID 1688 wrote to memory of 1976 | 1688 | rundll32.exe | 28
PID 1688 wrote to memory of 1976 | 1688 | rundll32.exe | 28
PID 1688 wrote to memory of 1976 | 1688 | rundll32.exe | 28
PID 1688 wrote to memory of 1976 | 1688 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a03e413ffdfbcbafb87c9c234e01c60_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1688
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a03e413ffdfbcbafb87c9c234e01c60_NeikiAnalytics.dll,#1
    PID: 1976