Analysis
max time kernel: 119s
max time network: 127s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 29/05/2024, 08:53

Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll
Resource: win7-20240215-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll
Resource: win10v2004-20240508-en
1 signatures
150 seconds

General
Target: 4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll
Size: 327KB
MD5: 4df730070597c0716eaaa2c4489b9be0
SHA1: 995a2865d550bcbc04777e029173da4c42672286
SHA256: dcdad9c9764309f48f102a0748884aa28a8275c6381b76e8b53698d5512af3c3
SHA512: 4487f0974f6c9a3ab4407c5d7aeef6926a925fdfac9934c368b332e0f09d9506a4a1551d20b03e359a0291af1785faaf2bdb966035e610b7430bba6594ba2550
SSDEEP: 6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Score: 1/10

Malware Config

Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                        pid   Process       procid_target
PID 2016 wrote to memory of 2300   2016  rundll32.exe  28
PID 2016 wrote to memory of 2300   2016  rundll32.exe  28
PID 2016 wrote to memory of 2300   2016  rundll32.exe  28
PID 2016 wrote to memory of 2300   2016  rundll32.exe  28
PID 2016 wrote to memory of 2300   2016  rundll32.exe  28
PID 2016 wrote to memory of 2300   2016  rundll32.exe  28
PID 2016 wrote to memory of 2300   2016  rundll32.exe  28

Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll,#1
  Suspicious use of WriteProcessMemory
  PID:2016
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll,#1
    PID:2300