6fcb9e0f64ba8239039aadf15bdc08301b015cd6d7e28e9bec4c8521717f5f97

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 20:44

Target

2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe
Size

79KB
MD5

2bdcb4009120dbdbf6a2973a1489c820
SHA1

fdab2f18c56b83c1e1716a5257939afe0a9d0578
SHA256

6fcb9e0f64ba8239039aadf15bdc08301b015cd6d7e28e9bec4c8521717f5f97
SHA512

a22a2432717fbb010102eff223a306a5b8ee44fc53b3f7f5ab67369c44a1789c2c9d0eb8b2d418b536c1a1a9991a9f02873988f77ea68c96cf6b2f99a5501b99
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5y1B8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMy1N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2284	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2288	cmd.exe
2288	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2288	1268	2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe	29
PID 1268 wrote to memory of 2288	1268	2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe	29
PID 1268 wrote to memory of 2288	1268	2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe	29
PID 1268 wrote to memory of 2288	1268	2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe	29
PID 2288 wrote to memory of 2284	2288	cmd.exe	30
PID 2288 wrote to memory of 2284	2288	cmd.exe	30
PID 2288 wrote to memory of 2284	2288	cmd.exe	30
PID 2288 wrote to memory of 2284	2288	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2284

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
17d783e05984635624e35779edb583da

SHA1
47b801a7fead5f9412651e09db82f66b3bd9c1de

SHA256
5163d639f7c7cebde298af4bbeee1363fa84a784ba1bb8622ef9cdeaf386a491

SHA512
c6a44288deac4d58131715d8c064b5e904729bd5b1845bbdcde7efd5f0d2e7174db12e42c2cacf09e04c02b3f3d922714b2f55118d0b95c347eca529aa9c3da7

Download Submit
memory/1268-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2284-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download