68a99fb66af9da0daee95fa651d06b12d8d5c7a977058d0ac56fee9064ce9018

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 19:55

Target

18e4349d6f6c2b701e352ecbb8597870_NEIKI.dll
Size

81KB
MD5

18e4349d6f6c2b701e352ecbb8597870
SHA1

47ad2f600cced5119409fcd5eff80cc1ad5f746a
SHA256

68a99fb66af9da0daee95fa651d06b12d8d5c7a977058d0ac56fee9064ce9018
SHA512

fb95e1f7b402e85cc168a8a746584925763cc7cebad4bfb995c9682f15d1883cd2983512e9da0681d59abce4f9c2212712cbb6a89bc75f2593dbdce72d82119f
SSDEEP

1536:6c+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+Gf:5+5oxmqAiR8+/RBkez0U+E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2120	1712	rundll32.exe	91
PID 1712 wrote to memory of 2120	1712	rundll32.exe	91
PID 1712 wrote to memory of 2120	1712	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18e4349d6f6c2b701e352ecbb8597870_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18e4349d6f6c2b701e352ecbb8597870_NEIKI.dll,#1
  2⤵
  PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=764 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:3532