Analysis
max time kernel
131s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted
31-05-2024 00:03
Behavioral task
behavioral1
Sample
6e25d2b490ca487a17595dcdc8d9e830_NeikiAnalytics.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
6e25d2b490ca487a17595dcdc8d9e830_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
Target
6e25d2b490ca487a17595dcdc8d9e830_NeikiAnalytics.dll
Size
73KB
MD5
6e25d2b490ca487a17595dcdc8d9e830
SHA1
5cd4aebd2c518e826de6ff20f05fc831a553dd4d
SHA256
804cb51aa24448bc1538e41d9b13bdbb2e4d70358bdc85ab8f81688298d82e3e
SHA512
8fdc2947159d059b9389d4d8308d7a25ef12d293169527bb1a2f2786b95876f753ae58f83e9b4a252c0931eefb79dc8f6639994eb775d980e6e0b0bf341a12fd
SSDEEP
1536:VZZZZZZZZZZZZpXzzzzzzzzzzzzvfhOwetvnh1HU1U5wHQzsMqqU+2bbbAV2/S2L:rRGvv01U5wGsMqqDL2/sUvdWi
Score
3/10
Malware Config
Signatures
Program crash
1 IoCs
Processes: WerFault.exe

| pid | pid_target | process | target process |
| --- | --- | --- | --- |
| 1092 | 4052 | WerFault.exe | rundll32.exe |

Suspicious use of WriteProcessMemory
3 IoCs
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1636 wrote to memory of 4052 | 1636 | rundll32.exe | rundll32.exe |
| PID 1636 wrote to memory of 4052 | 1636 | rundll32.exe | rundll32.exe |
| PID 1636 wrote to memory of 4052 | 1636 | rundll32.exe | rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e25d2b490ca487a17595dcdc8d9e830_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e25d2b490ca487a17595dcdc8d9e830_NeikiAnalytics.dll,#1
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 624
        - Program crash
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4052 -ip 4052