43c3c359d677845c0068c05b3ae48d5194c73df493cf9540af8c6070a6d5354a

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 05:18

Target

e05012e397d8694bbefa17fbfa14afd0_NEIKI.dll
Size

5KB
MD5

e05012e397d8694bbefa17fbfa14afd0
SHA1

618691dd9186a34b6d4b819934afb6f03bcac863
SHA256

43c3c359d677845c0068c05b3ae48d5194c73df493cf9540af8c6070a6d5354a
SHA512

6d4910dea246d6e8bf3ec6883363aadb66c830af13a426d001cc9610ae70e68aaad9ff283100073fa1fd7421d4f7ddcfa87aecbc8d2979bf54771dd177c8f957
SSDEEP

96:hy859x0P8MaJtQRVn2ROVecgMVxvbv4uQKm20JOAnXmoEb2bhIOMmt2kDj:F5oLSQn20Hj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2992	2884	rundll32.exe	28
PID 2884 wrote to memory of 2992	2884	rundll32.exe	28
PID 2884 wrote to memory of 2992	2884	rundll32.exe	28
PID 2884 wrote to memory of 2992	2884	rundll32.exe	28
PID 2884 wrote to memory of 2992	2884	rundll32.exe	28
PID 2884 wrote to memory of 2992	2884	rundll32.exe	28
PID 2884 wrote to memory of 2992	2884	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e05012e397d8694bbefa17fbfa14afd0_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e05012e397d8694bbefa17fbfa14afd0_NEIKI.dll,#1
  2⤵
  PID:2992