c06d9b960db72682df8a9f55fc4696885290c6cf946aa2e5fcbc69f84afa77c5

Analysis

max time kernel
92s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 01:08

Target

b7bf6e6362dd27c97c4129f8c5f8ac10_NEIKI.dll
Size

13KB
MD5

b7bf6e6362dd27c97c4129f8c5f8ac10
SHA1

839462c9ffa1673eb986ca158f534d2ed8e6e695
SHA256

c06d9b960db72682df8a9f55fc4696885290c6cf946aa2e5fcbc69f84afa77c5
SHA512

bc2ab3f3d48edc7918e1d4fdfa4cb9846d5b01e9dcae12dd4264fb38a2200b524c4768aea4b63c449e9b03d49ec773f6862f0b380fc9a7c4d794c9271fb8e2e2
SSDEEP

192:pnfHQduzWhhWNcqWvkJ0f5AbVWQ4OWndDBwUoX01k9z3AuJGzzkjc:1fFWhhWNpaabQDUR9zxw+c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 1520	4344	rundll32.exe	81
PID 4344 wrote to memory of 1520	4344	rundll32.exe	81
PID 4344 wrote to memory of 1520	4344	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7bf6e6362dd27c97c4129f8c5f8ac10_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7bf6e6362dd27c97c4129f8c5f8ac10_NEIKI.dll,#1
  2⤵
  PID:1520