b291bf890717615a937c7498f7e8295cd1f35cceaeffcde9c11e095fb5c1da89 | Triage

Analysis

max time kernel
141s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 20:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2bf072dcb4369dd6a76bf8aa24ccc940_NeikiAnalytics.dll
Size

3KB
MD5

2bf072dcb4369dd6a76bf8aa24ccc940
SHA1

e43c236655df9868ac5423e0a02383a6fe9f2dc6
SHA256

b291bf890717615a937c7498f7e8295cd1f35cceaeffcde9c11e095fb5c1da89
SHA512

7a2d3184f4bd8b3dad0770eefb6edc533b3797adb3adc01728cb4707a504d829c0fc94c362dcfc90397213c10067c869449f0abd58ec00d9393a662c1b5e15c2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 4608	1876	rundll32.exe	83
PID 1876 wrote to memory of 4608	1876	rundll32.exe	83
PID 1876 wrote to memory of 4608	1876	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf072dcb4369dd6a76bf8aa24ccc940_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bf072dcb4369dd6a76bf8aa24ccc940_NeikiAnalytics.dll,#1
  2⤵
  PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads