43c3c359d677845c0068c05b3ae48d5194c73df493cf9540af8c6070a6d5354a

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 05:18

Target

e05012e397d8694bbefa17fbfa14afd0_NEIKI.dll
Size

5KB
MD5

e05012e397d8694bbefa17fbfa14afd0
SHA1

618691dd9186a34b6d4b819934afb6f03bcac863
SHA256

43c3c359d677845c0068c05b3ae48d5194c73df493cf9540af8c6070a6d5354a
SHA512

6d4910dea246d6e8bf3ec6883363aadb66c830af13a426d001cc9610ae70e68aaad9ff283100073fa1fd7421d4f7ddcfa87aecbc8d2979bf54771dd177c8f957
SSDEEP

96:hy859x0P8MaJtQRVn2ROVecgMVxvbv4uQKm20JOAnXmoEb2bhIOMmt2kDj:F5oLSQn20Hj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 4736	5100	rundll32.exe	85
PID 5100 wrote to memory of 4736	5100	rundll32.exe	85
PID 5100 wrote to memory of 4736	5100	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e05012e397d8694bbefa17fbfa14afd0_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e05012e397d8694bbefa17fbfa14afd0_NEIKI.dll,#1
  2⤵
  PID:4736