dd16968084b26b0bf3e5ca7c58d2bbf27b41ac8a677821f9f2a529efce319e0a

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 04:59

Target

fb2f8295f8fa7ba0522ca7f9a4204a40_NEIKI.dll
Size

395KB
MD5

fb2f8295f8fa7ba0522ca7f9a4204a40
SHA1

15840141753f6283d1e04bb91cb8fb4cd58511fd
SHA256

dd16968084b26b0bf3e5ca7c58d2bbf27b41ac8a677821f9f2a529efce319e0a
SHA512

fc9e50a421cbfd819e61268f0f91c96b4a1d88bf34d17309c38671d084abb1c410876fa8a51bdfe6732e9e8eb5ab9712117f839333fc825a6f37bf8847506884
SSDEEP

6144:g6IBrpIHYKFRbuoLWbscxrgBn+1f6LhLZscV3nc458JxmmBFWCV50DEruAO7M26:skhI3scx8B+FWcO8LfBFWdDthM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2408	1516	rundll32.exe	28
PID 1516 wrote to memory of 2408	1516	rundll32.exe	28
PID 1516 wrote to memory of 2408	1516	rundll32.exe	28
PID 1516 wrote to memory of 2408	1516	rundll32.exe	28
PID 1516 wrote to memory of 2408	1516	rundll32.exe	28
PID 1516 wrote to memory of 2408	1516	rundll32.exe	28
PID 1516 wrote to memory of 2408	1516	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb2f8295f8fa7ba0522ca7f9a4204a40_NEIKI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb2f8295f8fa7ba0522ca7f9a4204a40_NEIKI.dll,#1
  2⤵
  PID:2408