Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 31-05-2024 04:29
Behavioral task: behavioral1
Sample: 772283c17e80d7ebcfafefeedb261f40_NeikiAnalytics.dll
Resource: win7-20231129-en
Signatures: 3
Runtime: 150 seconds
General
Target: 772283c17e80d7ebcfafefeedb261f40_NeikiAnalytics.dll
Size: 127KB
MD5: 772283c17e80d7ebcfafefeedb261f40
SHA1: 79a9064413616d6fa07c05ba8edd3d06e711900e
SHA256: 17a8cef3b5655f4fe6117629b7400f078506e02accc4705f1357cbac55f9522a
SHA512: f47a0698ccb784511c045a7dba49bb9534caceb9150ecd8083a80c9f8d85f1aa870fa3251dff17a80cba650c311c7e679cb386ce9a6c11d16793042b253a8d25
SSDEEP: 3072:OMbIWiyr7pjvTUoBFEbWwIUJlTBft3+G+N:OCIWiyr7JTn16lTBl3+G
Malware Config
Signatures

Drops startup file (1 IoC)
  description               ioc                                                                                       Process
  File opened for modification  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eckkrsvl.exe  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                          pid   Process       procid_target
  PID 2880 wrote to memory of 2900     2880  rundll32.exe  28
  (the same entry is recorded 7 times)
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\772283c17e80d7ebcfafefeedb261f40_NeikiAnalytics.dll,#1
   Signature: Suspicious use of WriteProcessMemory
   PID: 2880

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 2880)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\772283c17e80d7ebcfafefeedb261f40_NeikiAnalytics.dll,#1
      Signature: Drops startup file
      PID: 2900