Analysis
max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted
13/06/2024, 02:44
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll
Resource
win7-20240508-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll
Resource
win10v2004-20240611-en
1 signatures
150 seconds
General
Target
582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll
Size
10KB
MD5
582603f8faa0572ceb8b003154901970
SHA1
b132744f1a8bce961daa67d1542425f62e9467cc
SHA256
0aaf8e0ec00f4ec7847b5ff177866c185a2a0480a61014981240852a48a33834
SHA512
103220aa602ad406b4217270faaca935961bac6fb6c9374a2cdc89a28db6895f7a744e1653c621a5445a0892ab8afe3c9132ad9ec28dd741cbd62819a2cb3555
SSDEEP
96:mzpyn7pC41Xf+JAjhXmKmXSjiT/8oMmcm3wV7PWmef3mCm3Ml9LuRY:8y7phhuQmK0SiaSnTqM
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1936 wrote to memory of 2132 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2132 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2132 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2132 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2132 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2132 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2132 | 1936 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
PID:1936
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll,#1
  PID:2132