f032591ff92ac9f36254adcab78f85d13f6c7559ecd0e7cb782d3c49db70ca1b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 23:56

Target

nEO iMAGING/niUtils1.dll
Size

240KB
MD5

d3a2a41c3e5bf2ec7a558f1c84f5b3fb
SHA1

2f39a315ca5f7546f60cb32307540c42ac297c51
SHA256

29dfadfda96ee4dea1b81f9b0896aeb26da5d83cd2c6acaacb94c4624e1bfbb7
SHA512

4301f9a4adfb08a58de0ba7f94d83a825fa6292ff827a61fc8e9a4b67fdb1bace4acb1fee34c5e8a41de31940b11e7518fc6a8d6a30cb26705d3e0a0a743d63e
SSDEEP

3072:fbCgVgW+2dCWI+RO+VaSKhRA70HEf8Vpa8Za6kdc7qPsnUsQ1KpcQo7Qcgy2OA:fb4VW5OPA0HEfeptA0qPsUsQEDcgbO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 2456	3368	rundll32.exe	85
PID 3368 wrote to memory of 2456	3368	rundll32.exe	85
PID 3368 wrote to memory of 2456	3368	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\nEO iMAGING\niUtils1.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\nEO iMAGING\niUtils1.dll",#1
  2⤵
  PID:2456