83011bb743ec05deaf4311ac7ed8f18ce1d829afdabda1f78e62a828d31dabd1 | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 09:27

Sharing

Report Analysis Logs

General

Target

5d4bd164346f789b68ffe72634254b70_NeikiAnalytics.dll
Size

476KB
MD5

5d4bd164346f789b68ffe72634254b70
SHA1

992c60bcaaa9a375a2d0953c20fb3334dae8fc3b
SHA256

83011bb743ec05deaf4311ac7ed8f18ce1d829afdabda1f78e62a828d31dabd1
SHA512

a2c279a0f757ac5a0cc72a0bc1c5b4cd91a5e65a824d403cf4ad4e766ba4be47829a1bbb8e54a148378d87eea8e905b4f9239690ac5481569d961645d502b719
SSDEEP

12288:hfkwSzRY+6tghM1eI+mJrKaLIZnQqmE1:W/ROB/ZIZQ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2268	3064	rundll32.exe	28
PID 3064 wrote to memory of 2268	3064	rundll32.exe	28
PID 3064 wrote to memory of 2268	3064	rundll32.exe	28
PID 3064 wrote to memory of 2268	3064	rundll32.exe	28
PID 3064 wrote to memory of 2268	3064	rundll32.exe	28
PID 3064 wrote to memory of 2268	3064	rundll32.exe	28
PID 3064 wrote to memory of 2268	3064	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d4bd164346f789b68ffe72634254b70_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d4bd164346f789b68ffe72634254b70_NeikiAnalytics.dll,#1
  2⤵
  PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads