b4bafb0df6ca7a11d7174b03424806a993058dbcade08c7b6b5e8cf4349298b7 | Triage

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 17:16

Sharing

Report Analysis Logs

General

Target

b4bafb0df6ca7a11d7174b03424806a993058dbcade08c7b6b5e8cf4349298b7_NeikiAnalytics.dll
Size

3KB
MD5

555c577f0810a9f00a798d8b51038fd0
SHA1

57460e596eccd00ef9c5c5496c1c9bac654df08d
SHA256

b4bafb0df6ca7a11d7174b03424806a993058dbcade08c7b6b5e8cf4349298b7
SHA512

0cf296ae1693106db9f02ffbb1636ec32cb00972749c529e1c1f3fd91532dc29c8ca76c7bd177a60a0c40676f8cdbbfc405c9fc41cb66a35f8dd1528b3969282

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 4812	4116	rundll32.exe	81
PID 4116 wrote to memory of 4812	4116	rundll32.exe	81
PID 4116 wrote to memory of 4812	4116	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4bafb0df6ca7a11d7174b03424806a993058dbcade08c7b6b5e8cf4349298b7_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4bafb0df6ca7a11d7174b03424806a993058dbcade08c7b6b5e8cf4349298b7_NeikiAnalytics.dll,#1
  2⤵
  PID:4812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads