Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 13:20
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  - Sample: a4c8df58ad797ee49ab9752425e11700_NeikiAnalytics.dll
  - Resource: win7-20240221-en
  - 1 signatures
  - 150 seconds
Behavioral task
- behavioral2
  - Sample: a4c8df58ad797ee49ab9752425e11700_NeikiAnalytics.dll
  - Resource: win10v2004-20240426-en
  - 1 signatures
  - 150 seconds
General
- Target: a4c8df58ad797ee49ab9752425e11700_NeikiAnalytics.dll
- Size: 22KB
- MD5: a4c8df58ad797ee49ab9752425e11700
- SHA1: 4af98cae0b810077ba213c5d7ef172c9f673e546
- SHA256: 593b46857a8477653f2c4bae7a04f2d6d355e902a024c559d3985e2b7fff07eb
- SHA512: a1d7048230878632f0129367f5cd664783cda72ca45eafd8076e3324441f65c5ca01064046afc8094443428692070b2cad57f35e3761cacc3fed0118616b9ea9
- SSDEEP: 384:SXwH4rnFmjdqTkc70tIqICWv/eq+gCyQ7G7k0iaGAV2DdHme/PafMjnHOpMf+:swyAUoc7uIfeq+gjf7kBa3q2pM2
Score
- 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 3556 wrote to memory of 3484 | 3556 | rundll32.exe | 81
PID 3556 wrote to memory of 3484 | 3556 | rundll32.exe | 81
PID 3556 wrote to memory of 3484 | 3556 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4c8df58ad797ee49ab9752425e11700_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
  - PID: 3556
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4c8df58ad797ee49ab9752425e11700_NeikiAnalytics.dll,#1
    - PID: 3484