91f381c03c0cf8d10a4381d91731f0585b2a4f135ab50f2d111b8334eef5d1a9

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 21:06

Target

52a309f801255fb9004fcc55e4d119f0_NEIKI.dll
Size

28KB
MD5

52a309f801255fb9004fcc55e4d119f0
SHA1

e3ea5c1de69279bdcdb19fdd6114252b22b6a8a0
SHA256

91f381c03c0cf8d10a4381d91731f0585b2a4f135ab50f2d111b8334eef5d1a9
SHA512

27bd2d229028e6318549ea772db378e8250ff6af93a7c34c3e4f8db9d4269761ff9ef89339793af73d211ce710d0654f6c3fcbeca67ff7e6b0c7b86ede632e17
SSDEEP

192:zUrLpoYq+HB9mEo3IyowGavBWQmexSV1lvGzkzVvhFH+M1SQs5vA3im:4HGYPHUZxvBXmeUTlvfvhFH+MDsBWP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 1740	2400	rundll32.exe	28
PID 2400 wrote to memory of 1740	2400	rundll32.exe	28
PID 2400 wrote to memory of 1740	2400	rundll32.exe	28
PID 2400 wrote to memory of 1740	2400	rundll32.exe	28
PID 2400 wrote to memory of 1740	2400	rundll32.exe	28
PID 2400 wrote to memory of 1740	2400	rundll32.exe	28
PID 2400 wrote to memory of 1740	2400	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52a309f801255fb9004fcc55e4d119f0_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52a309f801255fb9004fcc55e4d119f0_NEIKI.dll,#1
  2⤵
  PID:1740