0956323fe8737a2e15d90146176f21c4e2c339dfb73402a6534ab971464cd248 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:13

Sharing

Report Analysis Logs

General

Target

6a7716c2fb3f548f531314030e027d10_NeikiAnalytics.dll
Size

3KB
MD5

6a7716c2fb3f548f531314030e027d10
SHA1

07e874725de6da82d690751892918199f1e593ee
SHA256

0956323fe8737a2e15d90146176f21c4e2c339dfb73402a6534ab971464cd248
SHA512

ae794dbbab4bd069a33b39cf2113be0947b5efcfc40682c89cb457d16bb84805ca3f1c0414d941452892fd349e4af7eb3820c275816f8c45e6ac857fb587c62a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2260 wrote to memory of 2132	2260	rundll32.exe	rundll32.exe
PID 2260 wrote to memory of 2132	2260	rundll32.exe	rundll32.exe
PID 2260 wrote to memory of 2132	2260	rundll32.exe	rundll32.exe
PID 2260 wrote to memory of 2132	2260	rundll32.exe	rundll32.exe
PID 2260 wrote to memory of 2132	2260	rundll32.exe	rundll32.exe
PID 2260 wrote to memory of 2132	2260	rundll32.exe	rundll32.exe
PID 2260 wrote to memory of 2132	2260	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a7716c2fb3f548f531314030e027d10_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2260

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a7716c2fb3f548f531314030e027d10_NeikiAnalytics.dll,#1
2⤵
PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads