071dc4294b6bcecebb99efc29e5f94b1154c62045ea181e488af3eed850e6a14

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 20:53

Target

2f243f4d8e42355b833e8972bb6ab940_NEIKI.dll
Size

6.7MB
MD5

2f243f4d8e42355b833e8972bb6ab940
SHA1

8f10dd20130c082a510756ab90ea3790e6ae7353
SHA256

071dc4294b6bcecebb99efc29e5f94b1154c62045ea181e488af3eed850e6a14
SHA512

01c4bb92c0479d86b84ace22f05eac4c55b41fa32851075bdeca2e146d1f56acb60389ba2661b4a3731f0c971d0cb2a1d0bf6d5325cf9ec73299829fc7c853e7
SSDEEP

98304:bsNffi/cAG0rLTWUw8RCXKujioklHme3KL4bU5bWGtXEMWyK1z18qNPkh:wNf3gTI8CBBklxbOamay418skh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1196	2020	rundll32.exe	28
PID 2020 wrote to memory of 1196	2020	rundll32.exe	28
PID 2020 wrote to memory of 1196	2020	rundll32.exe	28
PID 2020 wrote to memory of 1196	2020	rundll32.exe	28
PID 2020 wrote to memory of 1196	2020	rundll32.exe	28
PID 2020 wrote to memory of 1196	2020	rundll32.exe	28
PID 2020 wrote to memory of 1196	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f243f4d8e42355b833e8972bb6ab940_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f243f4d8e42355b833e8972bb6ab940_NEIKI.dll,#1
  2⤵
  PID:1196

memory/1196-0-0x00000000000D0000-0x00000000000D6000-memory.dmp

Filesize
24KB

Download
memory/1196-2-0x0000000010000000-0x0000000010113000-memory.dmp

Filesize
1.1MB

Download
memory/1196-3-0x0000000010000000-0x0000000010113000-memory.dmp

Filesize
1.1MB

Download