Overview              overview              10
Static                static                3
74bcda5c9a...cs.exe   windows7-x64          10
74bcda5c9a...cs.exe   windows10-2004-x64    7
$PLUGINSDI...em.dll   windows7-x64          3
$PLUGINSDI...em.dll   windows10-2004-x64    3
$PLUGINSDI...gs.dll   windows7-x64          3
$PLUGINSDI...gs.dll   windows10-2004-x64    3
advertising.html      windows7-x64          1
advertising.html      windows10-2004-x64    1
modernizr-...min.js   windows7-x64          3
modernizr-...min.js   windows10-2004-x64    3

Analysis
max time kernel: 122s
max time network: 128s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 31-05-2024 03:13

Static task: static1

Behavioral task   Sample                                                Resource
behavioral1       74bcda5c9a93045fe2417b8f021e5320_NeikiAnalytics.exe   win7-20240221-en
behavioral2       74bcda5c9a93045fe2417b8f021e5320_NeikiAnalytics.exe   win10v2004-20240226-en
behavioral3       $PLUGINSDIR/System.dll                                win7-20240508-en
behavioral4       $PLUGINSDIR/System.dll                                win10v2004-20240426-en
behavioral5       $PLUGINSDIR/nsDialogs.dll                             win7-20240221-en
behavioral6       $PLUGINSDIR/nsDialogs.dll                             win10v2004-20240508-en
behavioral7       advertising.html                                      win7-20240215-en
behavioral8       advertising.html                                      win10v2004-20240426-en
behavioral9       modernizr-2.7.1.min.js                                win7-20240508-en
behavioral10      modernizr-2.7.1.min.js                                win10v2004-20240426-en

General
Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: 477b78e5db22b4e651b6bec39d5c1acf
SHA1: 418038f8d4db22471f55206aa8eb372f3f133d0d
SHA256: 80d84f6c405f4e7b51d3e0c7c10b06ce60b28a43451bbe0e6e464d5e4783fc35
SHA512: 6658a0718a6c15a6f0767d87d604ced9d2f3a1494eb6e44d39507687b9e675a05d026b68a7ef8a311b10863e229a963c8ea6f6efb1d92b0657b32ee836adfe21
SSDEEP: 192:oB8cxzvTyl4tgi8pPjQM0PuAg0YNyPIFtSP:oBxzm+t18pZ0WAg0RPIFg

Malware Config
Signatures

Program crash: 1 IoCs
Processes: WerFault.exe
pid    pid_target   process        target process
2264   2184         WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory: 11 IoCs
Processes: rundll32.exe, rundll32.exe
description                        pid    process        target process
PID 2152 wrote to memory of 2184   2152   rundll32.exe   rundll32.exe
PID 2152 wrote to memory of 2184   2152   rundll32.exe   rundll32.exe
PID 2152 wrote to memory of 2184   2152   rundll32.exe   rundll32.exe
PID 2152 wrote to memory of 2184   2152   rundll32.exe   rundll32.exe
PID 2152 wrote to memory of 2184   2152   rundll32.exe   rundll32.exe
PID 2152 wrote to memory of 2184   2152   rundll32.exe   rundll32.exe
PID 2152 wrote to memory of 2184   2152   rundll32.exe   rundll32.exe
PID 2184 wrote to memory of 2264   2184   rundll32.exe   WerFault.exe
PID 2184 wrote to memory of 2264   2184   rundll32.exe   WerFault.exe
PID 2184 wrote to memory of 2264   2184   rundll32.exe   WerFault.exe
PID 2184 wrote to memory of 2264   2184   rundll32.exe   WerFault.exe

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
- Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
    - Suspicious use of WriteProcessMemory

        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 248
        - Program crash