71c20d28b9e8f329f48252eefbae45d80734f1e2c33037589b132617109c86b7 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 18:33

Sharing

Report Analysis Logs

General

Target

0f3bd9fc4fe0f6564b65e787979672b0_NeikiAnalytics.dll
Size

3KB
MD5

0f3bd9fc4fe0f6564b65e787979672b0
SHA1

f9420134719f697f2427b3bf4d1099461e92030d
SHA256

71c20d28b9e8f329f48252eefbae45d80734f1e2c33037589b132617109c86b7
SHA512

9e8d450bfa66bcc24459b2e874fb3342d8e1e4ed412ea190dd83334864f427d34a9f447e06599611a3b701a79ac94c9f48d19a5c2e31612063543a5b11cb93f0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1920	1660	rundll32.exe	28
PID 1660 wrote to memory of 1920	1660	rundll32.exe	28
PID 1660 wrote to memory of 1920	1660	rundll32.exe	28
PID 1660 wrote to memory of 1920	1660	rundll32.exe	28
PID 1660 wrote to memory of 1920	1660	rundll32.exe	28
PID 1660 wrote to memory of 1920	1660	rundll32.exe	28
PID 1660 wrote to memory of 1920	1660	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f3bd9fc4fe0f6564b65e787979672b0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f3bd9fc4fe0f6564b65e787979672b0_NeikiAnalytics.dll,#1
  2⤵
  PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads