38399c788aa5dc1f5ddbe0c5b5564164d665b8c2f38ec9b73c4543a57f173f4e | Triage

Analysis

max time kernel
131s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:03

Sharing

Report Analysis Logs

General

Target

6867b598cc987680f05367a446e0e610_NeikiAnalytics.dll
Size

7KB
MD5

6867b598cc987680f05367a446e0e610
SHA1

77e401f555158b1688cc9ca429c2f57e8efd3654
SHA256

38399c788aa5dc1f5ddbe0c5b5564164d665b8c2f38ec9b73c4543a57f173f4e
SHA512

d4d02cb5baf82b796f97b31535cd1d965402efa798370d2a54401b0d930fe850713501c7404e554c89367e87af5e8165a92879b053eefbabe8355cc9e3c8f901
SSDEEP

96:wb4VHccYJUC/aFbz/j0OvaP0d3cX5aXW:wUaJf/aFbP0O72JaX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4676 wrote to memory of 2508	4676	rundll32.exe	rundll32.exe
PID 4676 wrote to memory of 2508	4676	rundll32.exe	rundll32.exe
PID 4676 wrote to memory of 2508	4676	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6867b598cc987680f05367a446e0e610_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4676

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6867b598cc987680f05367a446e0e610_NeikiAnalytics.dll,#1
2⤵
PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads