2767bea8f58a060f29371154a61f10ad412e5805eeebc04f6438ec9ffac135bb | Triage

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 18:34

Sharing

Report Analysis Logs

General

Target

cc946a13152e32f5c7413951c2921c00_NeikiAnalytics.dll
Size

3KB
MD5

cc946a13152e32f5c7413951c2921c00
SHA1

1700c843e9a13015625eca65138c3a69c099afd8
SHA256

2767bea8f58a060f29371154a61f10ad412e5805eeebc04f6438ec9ffac135bb
SHA512

1301665fecb1bf8934e08d5d38fb1fb6321e4367815eef4470ebd25dcf87fb31adab114aca1a50ab5cf582b59d3296c5aa3e1e58eb243fe8254cccb5119d80f2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2416	2428	rundll32.exe	90
PID 2428 wrote to memory of 2416	2428	rundll32.exe	90
PID 2428 wrote to memory of 2416	2428	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc946a13152e32f5c7413951c2921c00_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc946a13152e32f5c7413951c2921c00_NeikiAnalytics.dll,#1
  2⤵
  PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads