Analysis
max time kernel: 138s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/05/2024, 12:26
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: ab56b7419a06a4131192a45d2d5f9410_NEIKI.dll
Resource: win7-20240221-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: ab56b7419a06a4131192a45d2d5f9410_NEIKI.dll
Resource: win10v2004-20240419-en
1 signatures
150 seconds
General
Target: ab56b7419a06a4131192a45d2d5f9410_NEIKI.dll
Size: 460KB
MD5: ab56b7419a06a4131192a45d2d5f9410
SHA1: 7a761a97a4e395d78bdee4faa00d6e050a6376cf
SHA256: 18a6e83cdcc9648ba7ee96059f761e783d79a86f64d2f79f6e30b05803b9ea6d
SHA512: 122753366069f69c0c24b579b0adb07d8e2bfa176658afb49659c575213575fce64c370ca1adb42cbf4e3120ee367337668487e6d189e046011e0346f3955248
SSDEEP: 12288:7NL4P+ciXi0T6Hz5qSLYOp7mua3TTdfaoywE:7t4P+ciXii6Hz5qYy9XL5
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3096 wrote to memory of 1240 | 3096 | rundll32.exe | 83
PID 3096 wrote to memory of 1240 | 3096 | rundll32.exe | 83
PID 3096 wrote to memory of 1240 | 3096 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab56b7419a06a4131192a45d2d5f9410_NEIKI.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 3096
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab56b7419a06a4131192a45d2d5f9410_NEIKI.dll,#1
    PID: 1240