Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 13/06/2024, 02:44
Static task: static1
1 signature

Behavioral task: behavioral1
Sample: 582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll
Resource: win7-20240508-en
1 signature
150 seconds

Behavioral task: behavioral2
Sample: 582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll
Resource: win10v2004-20240611-en
1 signature
150 seconds

General
Target: 582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll
Size: 10KB
MD5: 582603f8faa0572ceb8b003154901970
SHA1: b132744f1a8bce961daa67d1542425f62e9467cc
SHA256: 0aaf8e0ec00f4ec7847b5ff177866c185a2a0480a61014981240852a48a33834
SHA512: 103220aa602ad406b4217270faaca935961bac6fb6c9374a2cdc89a28db6895f7a744e1653c621a5445a0892ab8afe3c9132ad9ec28dd741cbd62819a2cb3555
SSDEEP: 96:mzpyn7pC41Xf+JAjhXmKmXSjiT/8oMmcm3wV7PWmef3mCm3Ml9LuRY:8y7phhuQmK0SiaSnTqM
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1016 wrote to memory of 3664 | 1016 | rundll32.exe | 82
PID 1016 wrote to memory of 3664 | 1016 | rundll32.exe | 82
PID 1016 wrote to memory of 3664 | 1016 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1016
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\582603f8faa0572ceb8b003154901970_NeikiAnalytics.dll,#1
    PID: 3664