Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 01/06/2024, 08:11
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll
Resource: win7-20240221-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll
Resource: win10v2004-20240508-en
1 signatures
150 seconds
General
Target: 93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll
Size: 5KB
MD5: 93f27251de83baa23533e5ad381ee350
SHA1: fb519bdd30cb03346f40a0a33fe11bb2dd0f67e8
SHA256: 3a52fe54c9c80c508dbbdef7f066f55b473cb4d00b8fc74e6e1dbe24ebd05a2d
SHA512: 6a49bf1ce43804bcc419faaa0ce96040c893fcc795c74f4db34d57bde26341b0af71e88b8e69a81476fc22dd8c8e8b400126d077d12819fa9ff8a524caa7c7a2
SSDEEP: 96:hy859x0P8MapRKLEdnYGE12klwUrU7KiYOvPdEm:F5oL40sYGnkJKKO
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2856 wrote to memory of 2056 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2056 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2056 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2056 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2056 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2056 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2056 | 2856 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID: 2856

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93f27251de83baa23533e5ad381ee350_NeikiAnalytics.dll,#12⤵
PID: 2056