8fc184a9754ae6084d3da9889f912edc627d27a5ef2abe672dbc29120c56d165 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 14:07

Sharing

Report Analysis Logs

General

Target

d45c0549a39ae7d5441a6dd0948dcb00_NEIKI.dll
Size

472KB
MD5

d45c0549a39ae7d5441a6dd0948dcb00
SHA1

eff82ce63f5087f34af439a232f00be1441f74a0
SHA256

8fc184a9754ae6084d3da9889f912edc627d27a5ef2abe672dbc29120c56d165
SHA512

1c524bdaeeb6c449cca466091f73ea5555ba60d5466fd857b95d7cf276b77c0d702bfb9a6e08dd3f143eea62796d2b9019d12e4858facf90b122e0470e83f6cb
SSDEEP

12288:Iej5CK2CqyCNer8LYMzR9QbvLjM0s1haJPvywiy:1j5CKOyC9B5Vwiy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1736	2348	rundll32.exe	28
PID 2348 wrote to memory of 1736	2348	rundll32.exe	28
PID 2348 wrote to memory of 1736	2348	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d45c0549a39ae7d5441a6dd0948dcb00_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2348 -s 152
  2⤵
  PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads