Analysis
-
max time kernel
132s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
29/05/2024, 08:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll
Resource
win7-20240215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
-
Target
4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll
-
Size
327KB
-
MD5
4df730070597c0716eaaa2c4489b9be0
-
SHA1
995a2865d550bcbc04777e029173da4c42672286
-
SHA256
dcdad9c9764309f48f102a0748884aa28a8275c6381b76e8b53698d5512af3c3
-
SHA512
4487f0974f6c9a3ab4407c5d7aeef6926a925fdfac9934c368b332e0f09d9506a4a1551d20b03e359a0291af1785faaf2bdb966035e610b7430bba6594ba2550
-
SSDEEP
6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3980 wrote to memory of 3100 | 3980 | rundll32.exe | 82
PID 3980 wrote to memory of 3100 | 3980 | rundll32.exe | 82
PID 3980 wrote to memory of 3100 | 3980 | rundll32.exe | 82
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
PID:3980 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4df730070597c0716eaaa2c4489b9be0_NeikiAnalytics.dll,#1
PID:3100
-