Analysis
max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
29/06/2024, 22:17
Static task
static1
Behavioral task
behavioral1
Sample
05b0842803f9e49b472744b86cc3cc16b1f4b3d8822d370d7cea2bcfec69ea8c_NeikiAnalytics.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
05b0842803f9e49b472744b86cc3cc16b1f4b3d8822d370d7cea2bcfec69ea8c_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
General
Target
05b0842803f9e49b472744b86cc3cc16b1f4b3d8822d370d7cea2bcfec69ea8c_NeikiAnalytics.dll
Size
4KB
MD5
32efb5c134c7791e9dcd98e4c43dfa70
SHA1
30250fbb9775014559ae997de2f159ad37d5c80a
SHA256
05b0842803f9e49b472744b86cc3cc16b1f4b3d8822d370d7cea2bcfec69ea8c
SHA512
f79d0ccd9ab441f74426c9b07b2c87c49e834459a9814b37809fea51896384c61e7d35f08c040578ee5c2a56dfdc49e9cec43ad293fb5e0180afdf1e0a6719aa
SSDEEP
48:SWkO0IoyTnXz+ihZjok+daG0NvzPXKlModUsGs:ZJTnXzvokcU7PXMvb
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2044 wrote to memory of 4660 | 2044 | rundll32.exe | 81
PID 2044 wrote to memory of 4660 | 2044 | rundll32.exe | 81
PID 2044 wrote to memory of 4660 | 2044 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05b0842803f9e49b472744b86cc3cc16b1f4b3d8822d370d7cea2bcfec69ea8c_NeikiAnalytics.dll,#1
- Suspicious use of WriteProcessMemory
PID:2044
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05b0842803f9e49b472744b86cc3cc16b1f4b3d8822d370d7cea2bcfec69ea8c_NeikiAnalytics.dll,#1
  PID:4660