6fcb9e0f64ba8239039aadf15bdc08301b015cd6d7e28e9bec4c8521717f5f97

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:44

Target

2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe
Size

79KB
MD5

2bdcb4009120dbdbf6a2973a1489c820
SHA1

fdab2f18c56b83c1e1716a5257939afe0a9d0578
SHA256

6fcb9e0f64ba8239039aadf15bdc08301b015cd6d7e28e9bec4c8521717f5f97
SHA512

a22a2432717fbb010102eff223a306a5b8ee44fc53b3f7f5ab67369c44a1789c2c9d0eb8b2d418b536c1a1a9991a9f02873988f77ea68c96cf6b2f99a5501b99
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5y1B8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMy1N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4712	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 2468	224	2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe	86
PID 224 wrote to memory of 2468	224	2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe	86
PID 224 wrote to memory of 2468	224	2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe	86
PID 2468 wrote to memory of 4712	2468	cmd.exe	87
PID 2468 wrote to memory of 4712	2468	cmd.exe	87
PID 2468 wrote to memory of 4712	2468	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\2bdcb4009120dbdbf6a2973a1489c820_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4712

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
17d783e05984635624e35779edb583da

SHA1
47b801a7fead5f9412651e09db82f66b3bd9c1de

SHA256
5163d639f7c7cebde298af4bbeee1363fa84a784ba1bb8622ef9cdeaf386a491

SHA512
c6a44288deac4d58131715d8c064b5e904729bd5b1845bbdcde7efd5f0d2e7174db12e42c2cacf09e04c02b3f3d922714b2f55118d0b95c347eca529aa9c3da7

Download Submit
memory/224-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4712-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download