df78ca57dfc1acb64e83e2e61469e76c4819d0e4a77dfa79d2d8b5c099588dce | Triage

Analysis

max time kernel
133s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 08:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3b60fc1a51752c247913e5810fd1d430_NeikiAnalytics.dll
Size

3KB
MD5

3b60fc1a51752c247913e5810fd1d430
SHA1

e030072993346365907a5abd7799d76be7f397d3
SHA256

df78ca57dfc1acb64e83e2e61469e76c4819d0e4a77dfa79d2d8b5c099588dce
SHA512

0d08ecfdd795a9e0786ba6e1e1c0cef3c31d85fac4591dd37913b558f05c5193d5927779a8d6fbb112c910db8183d9198be6adf0f767915b9397a3d6a5469f0e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 5052	3940	rundll32.exe	90
PID 3940 wrote to memory of 5052	3940	rundll32.exe	90
PID 3940 wrote to memory of 5052	3940	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b60fc1a51752c247913e5810fd1d430_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b60fc1a51752c247913e5810fd1d430_NeikiAnalytics.dll,#1
  2⤵
  PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
1⤵
PID:4220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads