c6cbaf43070a6e4d8de235fbcce231c96bf8efc6b8d3fccfafbdad19eb2f8c2a

Analysis

max time kernel
133s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:52

Target

2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe
Size

97KB
MD5

2f01a66d2e6afa7aa68021eaca9a1a80
SHA1

141559dd9e7bdc3031a4b7c19626c5d95bf17eb6
SHA256

c6cbaf43070a6e4d8de235fbcce231c96bf8efc6b8d3fccfafbdad19eb2f8c2a
SHA512

91294c0f72b1857504c14d7560f30e5393428d0babea062576d880ae355efb7b8f961f8a9cca52c78c2542fd6030f4b69ec119d3ca695a3fd66f8907676ce8d8
SSDEEP

1536:G1zzy48untU8fOMEI3jyYf6iuOBq1mPK3WWIthoB5:8zltUeOsBnqEMWWIthof

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1776	1832	2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe	85
PID 1832 wrote to memory of 1776	1832	2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe	85
PID 1832 wrote to memory of 1776	1832	2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe	85
PID 1776 wrote to memory of 3412	1776	cmd.exe	86
PID 1776 wrote to memory of 3412	1776	cmd.exe	86
PID 1776 wrote to memory of 3412	1776	cmd.exe	86
PID 3412 wrote to memory of 4244	3412	iexpress.exe	87
PID 3412 wrote to memory of 4244	3412	iexpress.exe	87
PID 3412 wrote to memory of 4244	3412	iexpress.exe	87

C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4621.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1776
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3412
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:4244

C:\Users\Admin\AppData\Local\Temp\4621.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
98KB

MD5
0b6e97e10e10aba815033b27e934cd91

SHA1
42227f8fed313debba547e84c953d8d036e6ecce

SHA256
db33ca342dfe6f3bc354eafaa9cee701438ba5536f4cfb8208c0e1296335508d

SHA512
c92eae5a722b9cc4943e7df35e39b54d74bbbf9e59e3167cb444ae9fe5a685809ea19847a71374356aec7014e9e600ab95cfc880c7e5dc7a587bddd0d53c344d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit