16899512e08f7684fb921bdc00ad43af5a0ddec7c1569ec2b8383f5929625751 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 04:44

Sharing

Report Analysis Logs

General

Target

722c8421ffa5037b0d85bb3f9e1cd5e0_NeikiAnalytics.dll
Size

3KB
MD5

722c8421ffa5037b0d85bb3f9e1cd5e0
SHA1

18b4321a08fc98b07daf7f423a49664d5fd5483c
SHA256

16899512e08f7684fb921bdc00ad43af5a0ddec7c1569ec2b8383f5929625751
SHA512

bf83c3b478b6d91df0e1a965d06123e4c50fa0d02947ebe22ef5daf3e8ad46987fdae2910d751f51b4098aee7c8a7e5830653b31a1e00f6f1afdd5d57b8c86db

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2220	1968	rundll32.exe	28
PID 1968 wrote to memory of 2220	1968	rundll32.exe	28
PID 1968 wrote to memory of 2220	1968	rundll32.exe	28
PID 1968 wrote to memory of 2220	1968	rundll32.exe	28
PID 1968 wrote to memory of 2220	1968	rundll32.exe	28
PID 1968 wrote to memory of 2220	1968	rundll32.exe	28
PID 1968 wrote to memory of 2220	1968	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\722c8421ffa5037b0d85bb3f9e1cd5e0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\722c8421ffa5037b0d85bb3f9e1cd5e0_NeikiAnalytics.dll,#1
  2⤵
  PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads