Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
23-06-2024 12:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
004a0a2fc3afb0739e814fa0825899b3f326bbdc14e59ac399c7322335dd0ae5_NeikiAnalytics.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
General
-
Target
004a0a2fc3afb0739e814fa0825899b3f326bbdc14e59ac399c7322335dd0ae5_NeikiAnalytics.dll
-
Size
904KB
-
MD5
029f70de2975b7863926b5f5997c97f0
-
SHA1
4b92db71ac1749421311a86ea6aa9808109112bf
-
SHA256
004a0a2fc3afb0739e814fa0825899b3f326bbdc14e59ac399c7322335dd0ae5
-
SHA512
de80100e6b301070efbf27bd8eee74a144cd85c1bba16e78383c804daea74479fe3ddf1ef80863b6fe3a01c340625d9d0433b8a509eecb5866e00e75ea6f83c7
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY2jjjjjjjjjjjjjjjjjjjjjj4:o6RI1Fo/wT3cJYYYYYYYYYYYYP
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2444 wrote to memory of 1272 2444 rundll32.exe 28 PID 2444 wrote to memory of 1272 2444 rundll32.exe 28 PID 2444 wrote to memory of 1272 2444 rundll32.exe 28 PID 2444 wrote to memory of 1272 2444 rundll32.exe 28 PID 2444 wrote to memory of 1272 2444 rundll32.exe 28 PID 2444 wrote to memory of 1272 2444 rundll32.exe 28 PID 2444 wrote to memory of 1272 2444 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\004a0a2fc3afb0739e814fa0825899b3f326bbdc14e59ac399c7322335dd0ae5_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2444 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\004a0a2fc3afb0739e814fa0825899b3f326bbdc14e59ac399c7322335dd0ae5_NeikiAnalytics.dll,#12⤵PID:1272
-