Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
13/06/2024, 03:34
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
5b27d6a755edcded1e9516b8a0522c60_NeikiAnalytics.dll
Resource
win7-20240508-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
5b27d6a755edcded1e9516b8a0522c60_NeikiAnalytics.dll
Resource
win10v2004-20240611-en
1 signatures
150 seconds
General
-
Target
5b27d6a755edcded1e9516b8a0522c60_NeikiAnalytics.dll
-
Size
5KB
-
MD5
5b27d6a755edcded1e9516b8a0522c60
-
SHA1
b900c1b95a9bd0849dba123810dfcac48ab05b08
-
SHA256
f12e44b1ebd6e5cb65db49d8ed3dddaf33fd96e9cd8c42aa067d6fb0817f7e18
-
SHA512
7d691fe67e74fd8217a2772cc6cb9c74550853c535bed7b07177d8be6e08500c53c7743a135b35b3f35598487bc9489583c46f83f2924d6a2dc60d7a7e1f7f86
-
SSDEEP
48:C6VonAHso6U7lYa92RrpjwDmetlG95hx+iMHh+/rblB3m41zKnR1KgFkeywBKNVq:nEY2RrF1eqwi4g//SP19RxuZDAkE
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2220 wrote to memory of 1564 | 2220 | rundll32.exe | 28
PID 2220 wrote to memory of 1564 | 2220 | rundll32.exe | 28
PID 2220 wrote to memory of 1564 | 2220 | rundll32.exe | 28
PID 2220 wrote to memory of 1564 | 2220 | rundll32.exe | 28
PID 2220 wrote to memory of 1564 | 2220 | rundll32.exe | 28
PID 2220 wrote to memory of 1564 | 2220 | rundll32.exe | 28
PID 2220 wrote to memory of 1564 | 2220 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b27d6a755edcded1e9516b8a0522c60_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
PID:2220 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b27d6a755edcded1e9516b8a0522c60_NeikiAnalytics.dll,#1
PID:1564
-