0bfdffaff454f0e5b85e6f2519885e96bb3c25c3864e69fd7f4778fc8e0520f1 | Triage

Analysis

max time kernel
94s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 20:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4bff0ff4428757d94fb33707f5999a40_NEIKI.dll
Size

6KB
MD5

4bff0ff4428757d94fb33707f5999a40
SHA1

1a85cd5516cdafa02093cd853cad51738135b727
SHA256

0bfdffaff454f0e5b85e6f2519885e96bb3c25c3864e69fd7f4778fc8e0520f1
SHA512

50fbda42805fa8ebecc868ea97c00ef461557eb63cb9b14680c7f9f0b7bc95f839dadbb3565038ab465b7ac3f15df85495ed3e7ee172087e68e42ed68477e7a9
SSDEEP

96:hy859x0P8MaejEG4ctEU8K2OlRhpXiVmDSUPp7S:F5oLVPTBlRhpXiVqP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 4968	4432	rundll32.exe	80
PID 4432 wrote to memory of 4968	4432	rundll32.exe	80
PID 4432 wrote to memory of 4968	4432	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bff0ff4428757d94fb33707f5999a40_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bff0ff4428757d94fb33707f5999a40_NEIKI.dll,#1
  2⤵
  PID:4968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads