Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
27-05-2024 23:04
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2557a956af76f7f0fb9f075f8a0aa620_NeikiAnalytics.dll
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
General
-
Target
2557a956af76f7f0fb9f075f8a0aa620_NeikiAnalytics.dll
-
Size
661KB
-
MD5
2557a956af76f7f0fb9f075f8a0aa620
-
SHA1
9533852ea0214ad3bb01dc13cc158f6f5d64a565
-
SHA256
dee8670f692ddccff91c41a0fb0046fca861eb181aa3863624fa884b749809c1
-
SHA512
723f405a71ca541061901e4c98fa01c69821e550ca6fc4bf3c9063c9f828b9bd23e57874beaf5ad756addabfe27718c66f7d319505a6d32686e8e92efa18e614
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYc:o6RI1Fo/wT3cJYYYYYYYYYYYYc
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1660 wrote to memory of 2128 1660 rundll32.exe 28 PID 1660 wrote to memory of 2128 1660 rundll32.exe 28 PID 1660 wrote to memory of 2128 1660 rundll32.exe 28 PID 1660 wrote to memory of 2128 1660 rundll32.exe 28 PID 1660 wrote to memory of 2128 1660 rundll32.exe 28 PID 1660 wrote to memory of 2128 1660 rundll32.exe 28 PID 1660 wrote to memory of 2128 1660 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2557a956af76f7f0fb9f075f8a0aa620_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1660 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2557a956af76f7f0fb9f075f8a0aa620_NeikiAnalytics.dll,#12⤵PID:2128
-