Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 29-05-2024 05:58
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
478252a7cb63a5bf8e4b7ff683f2f2e0_NeikiAnalytics.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
478252a7cb63a5bf8e4b7ff683f2f2e0_NeikiAnalytics.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
478252a7cb63a5bf8e4b7ff683f2f2e0_NeikiAnalytics.dll
-
Size
329KB
-
MD5
478252a7cb63a5bf8e4b7ff683f2f2e0
-
SHA1
1815e9e8e405c0c471b4ce2adb0a6ac80088c91c
-
SHA256
f293b351420f4f72d1d5e7cbd56f619f562564f25828306dbf19a5b49dc2ac53
-
SHA512
aac812bcbfb9cc86ca59335e8288dad1792b28beff3696855303c7c1b59e37be524a1cf1919cf2b5d6f30320f0f99ac934175190b094e046f791331cbf93dc4e
-
SSDEEP
6144:RLmWnuNrNVUvPEmRyWHj8MVloEh5QLxCSPGIsTPNctYy6egz8zZ4SUcXgZHoi:RLmWuNrNVUXEYDQL5JsL+2DN8F4SUy5i
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | process | procid_target
PID 3012 wrote to memory of 2600 | 3012 | rundll32.exe | 28
PID 3012 wrote to memory of 2600 | 3012 | rundll32.exe | 28
PID 3012 wrote to memory of 2600 | 3012 | rundll32.exe | 28
PID 3012 wrote to memory of 2600 | 3012 | rundll32.exe | 28
PID 3012 wrote to memory of 2600 | 3012 | rundll32.exe | 28
PID 3012 wrote to memory of 2600 | 3012 | rundll32.exe | 28
PID 3012 wrote to memory of 2600 | 3012 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\478252a7cb63a5bf8e4b7ff683f2f2e0_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
PID:3012 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\478252a7cb63a5bf8e4b7ff683f2f2e0_NeikiAnalytics.dll,#1
PID:2600
-