38e96c0f9dfb296d05f1b87637850f7cce8cf89efdc0474a8c9b5ff0314bffb2 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 10:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

57c41eaf91ece3d311d2b32ed49f3b20_NEIKI.dll
Size

6KB
MD5

57c41eaf91ece3d311d2b32ed49f3b20
SHA1

6b5dda343420663f07e440f899e49effe7519f13
SHA256

38e96c0f9dfb296d05f1b87637850f7cce8cf89efdc0474a8c9b5ff0314bffb2
SHA512

d776c96b52441d7343e4f2a1cb94698b7cb14e492e98eba53a0b0d7de76d388df7666537d16f067ced7aaa5b376e68f73c954738aa14517c4d66f31bb708694c
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIumXC6M/CaYu:unSR6bgYCXCr/Ca

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c41eaf91ece3d311d2b32ed49f3b20_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c41eaf91ece3d311d2b32ed49f3b20_NEIKI.dll,#1
  2⤵
  PID:640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads