Analysis
-
max time kernel
125s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
07-06-2024 22:03
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
70e5a6665b8b1ca95582faa2cccb9310_NeikiAnalytics.dll
Resource
win7-20240419-en
windows7-x64
2 signatures
150 seconds
General
-
Target
70e5a6665b8b1ca95582faa2cccb9310_NeikiAnalytics.dll
-
Size
622KB
-
MD5
70e5a6665b8b1ca95582faa2cccb9310
-
SHA1
0f2cbc26366a9e365c8e15a2c07fc2ad174dfcdb
-
SHA256
dbf262eb236b79628f71b99d75d1310de48704bad08c0413f5220bc8d1bff09c
-
SHA512
2e7942326690d82aa835134e2e2566034b2d81dc643fa3c5266948b6e96648ab7b2c3725cb1a4aed31cd6d0b4b805adea53efbb2b9b7d5e77b9d0a2c3594c44e
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYA:o6RI1Fo/wT3cJYYYYYYYYYYYYA
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3592 wrote to memory of 3212 3592 rundll32.exe 89 PID 3592 wrote to memory of 3212 3592 rundll32.exe 89 PID 3592 wrote to memory of 3212 3592 rundll32.exe 89
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\70e5a6665b8b1ca95582faa2cccb9310_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3592 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\70e5a6665b8b1ca95582faa2cccb9310_NeikiAnalytics.dll,#12⤵PID:3212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4612,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=1300 /prefetch:81⤵PID:2036