af2824cff7aae6a70dd826433e841ccc9ed8e3dab66a7d019cfeecf5c399da4b | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 12:04

Sharing

Report Analysis Logs

General

Target

ddc66a79170f46db6e1c8451c8360c10_NeikiAnalytics.dll
Size

4KB
MD5

ddc66a79170f46db6e1c8451c8360c10
SHA1

3ec93ec7cfe9f623122ebfe22b611291d92ec344
SHA256

af2824cff7aae6a70dd826433e841ccc9ed8e3dab66a7d019cfeecf5c399da4b
SHA512

d9380d8de1188359cd9abc50d131cde270ade89e58484cbdb0c37adca381aaf710a161fa1500214fba5bffab2bf1beb47a2c0672410af5cf4e116fe2504d7a2c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 108	2076	rundll32.exe	28
PID 2076 wrote to memory of 108	2076	rundll32.exe	28
PID 2076 wrote to memory of 108	2076	rundll32.exe	28
PID 2076 wrote to memory of 108	2076	rundll32.exe	28
PID 2076 wrote to memory of 108	2076	rundll32.exe	28
PID 2076 wrote to memory of 108	2076	rundll32.exe	28
PID 2076 wrote to memory of 108	2076	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddc66a79170f46db6e1c8451c8360c10_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddc66a79170f46db6e1c8451c8360c10_NeikiAnalytics.dll,#1
  2⤵
  PID:108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads