Analysis
- max time kernel: 133s
- max time network: 172s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-07-2024 01:09
Behavioral task: behavioral1
- Sample: 29d26d8b759d0ca77cea9b648e92ddd315919d818b67b804e0e22f2db450a43d_NeikiAnalytics.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 29d26d8b759d0ca77cea9b648e92ddd315919d818b67b804e0e22f2db450a43d_NeikiAnalytics.dll
- Resource: win10v2004-20240226-en
General
- Target: 29d26d8b759d0ca77cea9b648e92ddd315919d818b67b804e0e22f2db450a43d_NeikiAnalytics.dll
- Size: 5.7MB
- MD5: ae9ba2b885afa99fad085ee1ea81c7e0
- SHA1: 8cd6b32ad8a6e20eb632aa03917dc286382a93fe
- SHA256: 29d26d8b759d0ca77cea9b648e92ddd315919d818b67b804e0e22f2db450a43d
- SHA512: 52cc127fc5c238d791799fef7af4cf873094376c3493e2800eb447c496e5efd582799cbf1e76b88976670bb1f96c4b01438c84e58db5ab7ba2c852b7247de9f7
- SSDEEP: 98304:4WMdD6IYebdqFIjW9vGa6JxeCb1/HLk2zJ+HBq9AFRflUlrpdBUFbNhm6VWhB7Fj:LIYebdrEvxaBh/rPuBqQUnd+lNhnQH7x
Malware Config
Signatures
- Processes (resource / yara_rule):
  behavioral2/memory/4016-1-0x0000000010000000-0x0000000010970000-memory.dmp: vmprotect
  behavioral2/memory/4016-3-0x0000000010000000-0x0000000010970000-memory.dmp: vmprotect
- Drops file in System32 directory (1 IoCs)
  Processes (description / ioc / process):
  File created: C:\Windows\SysWOW64\FT_ET99_API.dll (rundll32.exe)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes (pid / process):
  4016 rundll32.exe
  4016 rundll32.exe
  4016 rundll32.exe
  4016 rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process):
  PID 4464 wrote to memory of 4016: rundll32.exe -> rundll32.exe
  PID 4464 wrote to memory of 4016: rundll32.exe -> rundll32.exe
  PID 4464 wrote to memory of 4016: rundll32.exe -> rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d26d8b759d0ca77cea9b648e92ddd315919d818b67b804e0e22f2db450a43d_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d26d8b759d0ca77cea9b648e92ddd315919d818b67b804e0e22f2db450a43d_NeikiAnalytics.dll,#1
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4256 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Matrix
Downloads
- memory/4016-0-0x0000000010048000-0x00000000103B7000-memory.dmp (filesize: 3.4MB)
- memory/4016-1-0x0000000010000000-0x0000000010970000-memory.dmp (filesize: 9.4MB)
- memory/4016-2-0x00000000008B0000-0x00000000008B1000-memory.dmp (filesize: 4KB)
- memory/4016-3-0x0000000010000000-0x0000000010970000-memory.dmp (filesize: 9.4MB)