Analysis

max time kernel: 132s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-05-2024 05:29
Behavioral task: behavioral1
Sample: 791835f5dc2d9209eddd4cd366e7e300_NeikiAnalytics.dll
Resource: win7-20240419-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 791835f5dc2d9209eddd4cd366e7e300_NeikiAnalytics.dll
Resource: win10v2004-20240508-en
2 signatures, 150 seconds
General

Target: 791835f5dc2d9209eddd4cd366e7e300_NeikiAnalytics.dll
Size: 74KB
MD5: 791835f5dc2d9209eddd4cd366e7e300
SHA1: 6a04ec9bd64b8f46ad3714ff1ba2dcd4f7987afe
SHA256: 2fe3ce4148ac9675a76c38f480f2f73c5e44e1f5a8375595d8f8ddf61748641e
SHA512: 13fbe45b6065e18edd24d9afd998927f5dcca6cf11dfaf03da6b82ec597582a7abb459d87180488e9c79f721deb1244c26732a459784ce152e5c16e23c69c504
SSDEEP: 1536:QZZZZZZZZZZZZpXzzzzzzzzzzzziMgDSctY8w3iQjFruiMAKXRtMqqU+2bbbAV2D:xTntqSQRruiMvTMqqDL2/Awvd
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
Processes:
pid | pid_target | process | target process
596 | 1936 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 1792 wrote to memory of 1936 | 1792 | rundll32.exe | rundll32.exe
PID 1792 wrote to memory of 1936 | 1792 | rundll32.exe | rundll32.exe
PID 1792 wrote to memory of 1936 | 1792 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\791835f5dc2d9209eddd4cd366e7e300_NeikiAnalytics.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\791835f5dc2d9209eddd4cd366e7e300_NeikiAnalytics.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 624
      signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1936 -ip 1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1960,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8