071dc4294b6bcecebb99efc29e5f94b1154c62045ea181e488af3eed850e6a14

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:53

Target

2f243f4d8e42355b833e8972bb6ab940_NEIKI.dll
Size

6.7MB
MD5

2f243f4d8e42355b833e8972bb6ab940
SHA1

8f10dd20130c082a510756ab90ea3790e6ae7353
SHA256

071dc4294b6bcecebb99efc29e5f94b1154c62045ea181e488af3eed850e6a14
SHA512

01c4bb92c0479d86b84ace22f05eac4c55b41fa32851075bdeca2e146d1f56acb60389ba2661b4a3731f0c971d0cb2a1d0bf6d5325cf9ec73299829fc7c853e7
SSDEEP

98304:bsNffi/cAG0rLTWUw8RCXKujioklHme3KL4bU5bWGtXEMWyK1z18qNPkh:wNf3gTI8CBBklxbOamay418skh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 3324	5080	rundll32.exe	84
PID 5080 wrote to memory of 3324	5080	rundll32.exe	84
PID 5080 wrote to memory of 3324	5080	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f243f4d8e42355b833e8972bb6ab940_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f243f4d8e42355b833e8972bb6ab940_NEIKI.dll,#1
  2⤵
  PID:3324

memory/3324-0-0x00000000015A0000-0x00000000015A6000-memory.dmp

Filesize
24KB

Download
memory/3324-1-0x0000000010000000-0x0000000010113000-memory.dmp

Filesize
1.1MB

Download
memory/3324-3-0x0000000010000000-0x0000000010113000-memory.dmp

Filesize
1.1MB

Download