9d7ac9dca6e64c01b9d1f660e167ca0f2a2081adf152ffdaa9d8f7d8bd5bb429

Analysis

max time kernel
133s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:26

Target

24c60b01937921a1b301159b85360700_NEIKI.exe
Size

104KB
MD5

24c60b01937921a1b301159b85360700
SHA1

f47fdcf08406f330ad240183244132801b73aba0
SHA256

9d7ac9dca6e64c01b9d1f660e167ca0f2a2081adf152ffdaa9d8f7d8bd5bb429
SHA512

1e960db5056c1dba75baad4283e0f34ab46d0b4879bdfef6fa45ac8bac3a2430236b1e3a976a1cb2c2f41efe697a501c3d20cc55570e27dd70b30b55b99ecdf7
SSDEEP

1536:w1Tzy48untU8fOMEI3jmYfPiuOtQvoaKVoX9TaM:6zltUeCsaha0oX9N

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 1604	5020	24c60b01937921a1b301159b85360700_NEIKI.exe	86
PID 5020 wrote to memory of 1604	5020	24c60b01937921a1b301159b85360700_NEIKI.exe	86
PID 5020 wrote to memory of 1604	5020	24c60b01937921a1b301159b85360700_NEIKI.exe	86
PID 1604 wrote to memory of 2180	1604	cmd.exe	87
PID 1604 wrote to memory of 2180	1604	cmd.exe	87
PID 1604 wrote to memory of 2180	1604	cmd.exe	87
PID 2180 wrote to memory of 5044	2180	iexpress.exe	88
PID 2180 wrote to memory of 5044	2180	iexpress.exe	88
PID 2180 wrote to memory of 5044	2180	iexpress.exe	88

C:\Users\Admin\AppData\Local\Temp\24c60b01937921a1b301159b85360700_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\24c60b01937921a1b301159b85360700_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3354.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\24c60b01937921a1b301159b85360700_NEIKI.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:5044

C:\Users\Admin\AppData\Local\Temp\3354.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
104KB

MD5
54074b6ed6aeed9af6e34162619479e2

SHA1
00e3dcb4ad94463e5b2750f533a9c7d3317a4263

SHA256
1d3a535e493cf348302d809fa4be1ce88b84fc0430388c3882b391c7c74221e6

SHA512
acd82e6356ee3affd2f554b51e8db41ef4537159c33d82473e7ac388e9ed790cc99103ef257cc09f903e5c913994085e2a1411ac57f970a465948523c92c5420

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit
memory/5020-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5020-12-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download