320758debb1e1f767d7cbb2abed7d77a5182f2f587e6a8a696be87662ca0ac25

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 23:39

Target

695040c7d042f803eae8316954c08dc0_NEIKI.dll
Size

6KB
MD5

695040c7d042f803eae8316954c08dc0
SHA1

8900d3eeb1658284b4de1cf7155983058bb86a87
SHA256

320758debb1e1f767d7cbb2abed7d77a5182f2f587e6a8a696be87662ca0ac25
SHA512

6c3ef8702a46b2d97787daa1af3273c752d66aec33ff014ab6dd7e021dc869bfceba0868e1359f1fca4a8458b561691100dec98d04e6a14b0c56084a2eb1de45
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G0OB+BDq9J5S2:0QDV8FscMjsLFV3WB+FqX5S2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1892	1728	rundll32.exe	29
PID 1728 wrote to memory of 1892	1728	rundll32.exe	29
PID 1728 wrote to memory of 1892	1728	rundll32.exe	29
PID 1728 wrote to memory of 1892	1728	rundll32.exe	29
PID 1728 wrote to memory of 1892	1728	rundll32.exe	29
PID 1728 wrote to memory of 1892	1728	rundll32.exe	29
PID 1728 wrote to memory of 1892	1728	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\695040c7d042f803eae8316954c08dc0_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\695040c7d042f803eae8316954c08dc0_NEIKI.dll,#1
  2⤵
  PID:1892