Analysis

  • max time kernel
    133s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/06/2024, 06:44

General

  • Target

    4a39bcb4f86451de1f68ace1e3f8d410_NeikiAnalytics.dll

  • Size

    368KB

  • MD5

    4a39bcb4f86451de1f68ace1e3f8d410

  • SHA1

    35c69e7f2cee4c78d7f45b9c1888f73a1d5f16e6

  • SHA256

    2ebad2c2a539428fba1cc3f0874d784b40ea1435edcffbe66fae235f0db019eb

  • SHA512

    d1aa8f6c92fc2ab255747d1b7e64a3edaa1434a59c3becb0f11c169ead01ad521edfb6476e1384cba847237a3fabcfb5de0a38ba1ef7599a15b1d03bf7d67845

  • SSDEEP

    6144:xPH6I5GggBCiYWfQ+tYXKC6m4AP2pkTQRptobsawwkG/wL6lS1S:xPyBsO2Xn6m4APpQjtYsaT/wLAS1

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a39bcb4f86451de1f68ace1e3f8d410_NeikiAnalytics.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3912
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a39bcb4f86451de1f68ace1e3f8d410_NeikiAnalytics.dll,#1
      2⤵
        PID:5024
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 748
          3⤵
          • Program crash
          PID:3436
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5024 -ip 5024
      1⤵
        PID:3624
