3a699694ea25ad8bec642cc3c913c4414c349abc8aa7105ee26102c09bef7499

Analysis

max time kernel
132s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 20:03

Target

1b3e302c1f6f6a872978e9658ebffe20_NeikiAnalytics.dll
Size

430KB
MD5

1b3e302c1f6f6a872978e9658ebffe20
SHA1

669bdb182b02034eaaf62845f5e2176657c4866d
SHA256

3a699694ea25ad8bec642cc3c913c4414c349abc8aa7105ee26102c09bef7499
SHA512

74b22f992829c8e071449f7ec0eef61f0575d1d3b7201a5459feb0586b4dc97c148fb5b4f2d0f4ccad56a3b25cf6a485b22a2be36ccec14daa8dac8c5f2517c9
SSDEEP

12288:TP7xf5HU/AqVqhQQecOIsV/AWmiynaxYDs5F8r:TDz6F6CP/fkax78

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1932	1632	rundll32.exe	84
PID 1632 wrote to memory of 1932	1632	rundll32.exe	84
PID 1632 wrote to memory of 1932	1632	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b3e302c1f6f6a872978e9658ebffe20_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b3e302c1f6f6a872978e9658ebffe20_NeikiAnalytics.dll,#1
  2⤵
  PID:1932

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact