Analysis
- max time kernel: 133s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-05-2024 19:43
Behavioral task: behavioral1
- Sample: 7e8297fcc1de6051ef5062c601042d60_NeikiAnalytics.dll
- Resource: win7-20240221-en, windows7-x64
- 3 signatures
- 150 seconds
General
- Target: 7e8297fcc1de6051ef5062c601042d60_NeikiAnalytics.dll
- Size: 68KB
- MD5: 7e8297fcc1de6051ef5062c601042d60
- SHA1: f069f61afd10fcc66291a85e74e896738f044435
- SHA256: 8a109d748a994bc877d3241de3d0d8c9f6bbf9902971c31afe750a0b11741da3
- SHA512: bb646f7d137c4c9f8fdf573f714643cf71d1d5594708ad8cb679af35db6976d823339c1c93434dfa8607ea1365528c4bcdb8a177b21cdeab7f79435df44ff2c0
- SSDEEP: 1536:MLNd/Pk7btaoX7DypKr0wN3YIUSS9eyBRbW0iZs32:GNhY5aora80m3YI7KbWXs3
Malware Config
Signatures
- Drops startup file (1 IoCs)
  Processes: rundll32.exe
  description | ioc | process
  File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncunhunn.exe | rundll32.exe
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  1516 | 2724 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3136 wrote to memory of 2724 | 3136 | rundll32.exe | rundll32.exe
  PID 3136 wrote to memory of 2724 | 3136 | rundll32.exe | rundll32.exe
  PID 3136 wrote to memory of 2724 | 3136 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e8297fcc1de6051ef5062c601042d60_NeikiAnalytics.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 3136
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e8297fcc1de6051ef5062c601042d60_NeikiAnalytics.dll,#1
    Signatures: Drops startup file
    PID: 2724
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 640
      Signatures: Program crash
      PID: 1516
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2724 -ip 2724
  PID: 2500
Network
MITRE ATT&CK Matrix
Downloads
- memory/2724-0-0x0000000010000000-0x0000000010014000-memory.dmp
  Filesize: 80KB