Analysis
max time kernel: 131s
max time network: 104s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-05-2024 23:04
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 2557a956af76f7f0fb9f075f8a0aa620_NeikiAnalytics.dll
Resource: win7-20240220-en (windows7-x64)
2 signatures
150 seconds
General
Target: 2557a956af76f7f0fb9f075f8a0aa620_NeikiAnalytics.dll
Size: 661KB
MD5: 2557a956af76f7f0fb9f075f8a0aa620
SHA1: 9533852ea0214ad3bb01dc13cc158f6f5d64a565
SHA256: dee8670f692ddccff91c41a0fb0046fca861eb181aa3863624fa884b749809c1
SHA512: 723f405a71ca541061901e4c98fa01c69821e550ca6fc4bf3c9063c9f828b9bd23e57874beaf5ad756addabfe27718c66f7d319505a6d32686e8e92efa18e614
SSDEEP: 6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYc:o6RI1Fo/wT3cJYYYYYYYYYYYYc
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process       procid_target
PID 3420 wrote to memory of 936    3420  rundll32.exe  83
PID 3420 wrote to memory of 936    3420  rundll32.exe  83
PID 3420 wrote to memory of 936    3420  rundll32.exe  83
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2557a956af76f7f0fb9f075f8a0aa620_NeikiAnalytics.dll,#11
  PID: 3420
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2557a956af76f7f0fb9f075f8a0aa620_NeikiAnalytics.dll,#12
    PID: 936