bd97421c9fa96846959e7fd410ca73941c27a12bd18dbadb4f7052c271ad169d | Triage

Analysis

max time kernel
141s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 15:15

Sharing

Report Analysis Logs

General

Target

e98e9b6a743b112e05b38cce174d2eb0_NEIKI.dll
Size

5KB
MD5

e98e9b6a743b112e05b38cce174d2eb0
SHA1

127456a67bc1ff323c162a88aa55d11f6636327d
SHA256

bd97421c9fa96846959e7fd410ca73941c27a12bd18dbadb4f7052c271ad169d
SHA512

1d50af82a3823b82c870d4a6cfd4e37a09220ce1bcb70df1b9389247a431b9fe315963d8f393fcede06cfa0f5a98829c23035642d1fd94dc31b07aab53300183
SSDEEP

96:ZJTnXzvok709xsFqKDUSaQiEj4I6W/wemp44:ZJrXzwkY9if9aGEI6m8p44

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 4056	1564	rundll32.exe	83
PID 1564 wrote to memory of 4056	1564	rundll32.exe	83
PID 1564 wrote to memory of 4056	1564	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e98e9b6a743b112e05b38cce174d2eb0_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e98e9b6a743b112e05b38cce174d2eb0_NEIKI.dll,#1
  2⤵
  PID:4056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads