Analysis
max time kernel: 92s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:03
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: a2bdb45df4ac7a997697f64f3e0db650_NeikiAnalytics.dll
Resource: win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample: a2bdb45df4ac7a997697f64f3e0db650_NeikiAnalytics.dll
Resource: win10v2004-20240426-en
1 signatures
150 seconds
General
Target: a2bdb45df4ac7a997697f64f3e0db650_NeikiAnalytics.dll
Size: 81KB
MD5: a2bdb45df4ac7a997697f64f3e0db650
SHA1: 8232d737f973fc437ac3c960168c5cbe79b83b5a
SHA256: d45ab366e162334ba270ab7f0f745ec3dd2f02f4ecf88fc7e990d30eadf1f618
SHA512: a61995341ababade5cbb62c64e019a9270bf49a03522fcb2871508da51dd722b6762607cf41287ef0ab59adb8464d8c95c78f145e48da674d65778fc8fa9c84c
SSDEEP: 1536:EtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WM:E4v4JKXTx71w0ArSsXF3enq8WM
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3636 wrote to memory of 1748 | 3636 | rundll32.exe | 83
PID 3636 wrote to memory of 1748 | 3636 | rundll32.exe | 83
PID 3636 wrote to memory of 1748 | 3636 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2bdb45df4ac7a997697f64f3e0db650_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 3636
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2bdb45df4ac7a997697f64f3e0db650_NeikiAnalytics.dll,#1
    PID: 1748