d9b551211c83544a5a0bab1d61c7ee47b9513dee6e9b63e07bf7692a55d5091e | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 13:29

Sharing

Report Analysis Logs

General

Target

156ae59ea24b80fefa602bef9ea875c0_NeikiAnalytics.dll
Size

3KB
MD5

156ae59ea24b80fefa602bef9ea875c0
SHA1

0a36d3e63954ce74d0485159333ecbe28f4e7133
SHA256

d9b551211c83544a5a0bab1d61c7ee47b9513dee6e9b63e07bf7692a55d5091e
SHA512

34e40ccc93487af96bd211b289db4e7c38c515ebac0e6dd882391e614a3bfb244ae5f36b9dcb1a316ff9242ff870a552d17ee452432427e9a31d7c5e008597b8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2908	2868	rundll32.exe	28
PID 2868 wrote to memory of 2908	2868	rundll32.exe	28
PID 2868 wrote to memory of 2908	2868	rundll32.exe	28
PID 2868 wrote to memory of 2908	2868	rundll32.exe	28
PID 2868 wrote to memory of 2908	2868	rundll32.exe	28
PID 2868 wrote to memory of 2908	2868	rundll32.exe	28
PID 2868 wrote to memory of 2908	2868	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\156ae59ea24b80fefa602bef9ea875c0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\156ae59ea24b80fefa602bef9ea875c0_NeikiAnalytics.dll,#1
  2⤵
  PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads