Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 06:24
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 655d2c362fb71df7c4a10c2b09d62860_NeikiAnalytics.dll
Resource: win7-20240221-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 655d2c362fb71df7c4a10c2b09d62860_NeikiAnalytics.dll
Resource: win10v2004-20240611-en
1 signatures
150 seconds
General
Target: 655d2c362fb71df7c4a10c2b09d62860_NeikiAnalytics.dll
Size: 250KB
MD5: 655d2c362fb71df7c4a10c2b09d62860
SHA1: 23bdc23126851f2faf6237c97f94af984c5b5ec0
SHA256: edae94fdfce2fa81b2f18f097d8e36493f8e2342bcd21b9adbf4a0686260e6f0
SHA512: dfdb4bc7095dbfba8b7e9df8fd103314a35d8967909d9445b3afc587aca41c55de270f71c1441277467ca95bbb10cae0d9fbee92fa8a52790dc97213918405f5
SSDEEP: 6144:HmSjo8fmOi5INzDoM6uEGu6xK4RScrqqpPxFGUHzMcD:Hm2ROOi5ICM68bxPRScrqsx8U9
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2224 wrote to memory of 1800 | 2224 | rundll32.exe | 28
PID 2224 wrote to memory of 1800 | 2224 | rundll32.exe | 28
PID 2224 wrote to memory of 1800 | 2224 | rundll32.exe | 28
PID 2224 wrote to memory of 1800 | 2224 | rundll32.exe | 28
PID 2224 wrote to memory of 1800 | 2224 | rundll32.exe | 28
PID 2224 wrote to memory of 1800 | 2224 | rundll32.exe | 28
PID 2224 wrote to memory of 1800 | 2224 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\655d2c362fb71df7c4a10c2b09d62860_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:2224
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\655d2c362fb71df7c4a10c2b09d62860_NeikiAnalytics.dll,#1
    PID:1800