Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
07-05-2024 23:34
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
67dbc22c2dc4bc8381713dec597924e0_NEIKI.exe
Resource
win7-20240215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
67dbc22c2dc4bc8381713dec597924e0_NEIKI.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
67dbc22c2dc4bc8381713dec597924e0_NEIKI.exe
-
Size
50KB
-
MD5
67dbc22c2dc4bc8381713dec597924e0
-
SHA1
c5b51c5bf68f7707de31039ce9911d0dd9348841
-
SHA256
a49bfbc6ca21250ba56b07a2f9573f7860586e38b46debbbe2e44109b6bb0715
-
SHA512
b56ef90e0ffc15c1123aeb34cac3be8508bd09e4457bf62b1ba1b82b6daca51f2e43c5147cd66d4786c8468d2e92eb7a4e9a61fbf434b3324c6736d31ec060e9
-
SSDEEP
1536:ww7zXQnHCmcWBrtK/KRj4pFqIx/sFjL6N0DhdGbouFqWL0BfdM4vOfaFEtk+9Bnr:ww7zXsCmxJtuT
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1288 wrote to memory of 2524 1288 67dbc22c2dc4bc8381713dec597924e0_NEIKI.exe 29 PID 1288 wrote to memory of 2524 1288 67dbc22c2dc4bc8381713dec597924e0_NEIKI.exe 29 PID 1288 wrote to memory of 2524 1288 67dbc22c2dc4bc8381713dec597924e0_NEIKI.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\67dbc22c2dc4bc8381713dec597924e0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\67dbc22c2dc4bc8381713dec597924e0_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1288 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1288 -s 4882⤵PID:2524
-