d8ea452c819fad1eb4c23b4f762bb37cd9c996afd1c501a0fb6356317442df46 | Triage

Analysis

max time kernel
135s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 05:39

Sharing

Report Analysis Logs

General

Target

d1a971bc4ca57e35261ef6e9e46887a0_NeikiAnalytics.dll
Size

3KB
MD5

d1a971bc4ca57e35261ef6e9e46887a0
SHA1

a3ad544ac56c73999d06429f70c60e694577ca4e
SHA256

d8ea452c819fad1eb4c23b4f762bb37cd9c996afd1c501a0fb6356317442df46
SHA512

e851f8a9dd6cdf6ba6951027c25028e5788450fcc762b1b44da9fb339542c79626c71b8620413b7eec6a5da389bb0c6f68b037caffb924263b63bb8af85ebb89

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2224 wrote to memory of 2808	2224	rundll32.exe	rundll32.exe
PID 2224 wrote to memory of 2808	2224	rundll32.exe	rundll32.exe
PID 2224 wrote to memory of 2808	2224	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1a971bc4ca57e35261ef6e9e46887a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1a971bc4ca57e35261ef6e9e46887a0_NeikiAnalytics.dll,#1
  2⤵
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads