332b468ea7b62b527a986f754d4c3c6724bbc065862053ff53142bdc827906c8 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 11:26

Sharing

Report Analysis Logs

General

Target

ea86fbb13c412efdeb18bf399cb37340_NeikiAnalytics.dll
Size

4KB
MD5

ea86fbb13c412efdeb18bf399cb37340
SHA1

5e348e48209f5c7ec98fbe7b832d3bef83e7a34e
SHA256

332b468ea7b62b527a986f754d4c3c6724bbc065862053ff53142bdc827906c8
SHA512

c99fc83e485f3d875088c2ab1fd19691aa205fe1f80200503cbe5661e0f2200359c6edcc42668d5d875271b24c54ab6264c1a6cebc72f77cb6abe458957e0598

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2244	2868	rundll32.exe	28
PID 2868 wrote to memory of 2244	2868	rundll32.exe	28
PID 2868 wrote to memory of 2244	2868	rundll32.exe	28
PID 2868 wrote to memory of 2244	2868	rundll32.exe	28
PID 2868 wrote to memory of 2244	2868	rundll32.exe	28
PID 2868 wrote to memory of 2244	2868	rundll32.exe	28
PID 2868 wrote to memory of 2244	2868	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea86fbb13c412efdeb18bf399cb37340_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea86fbb13c412efdeb18bf399cb37340_NeikiAnalytics.dll,#1
  2⤵
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads