752d699f3dbf848043e43ea37c86759eb6b9a9b3662fe1df959aa16e2fb7ad17

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 23:17

Target

9443dc989af2ec2ca01136fa9db63170_NEIKI.exe
Size

943KB
MD5

9443dc989af2ec2ca01136fa9db63170
SHA1

c31ef047834d1cf35070e3b02380268485862e15
SHA256

752d699f3dbf848043e43ea37c86759eb6b9a9b3662fe1df959aa16e2fb7ad17
SHA512

915379c72ec434ea762662aed4bebc7bf7d95a637538ce051e3764a3f184b6b371f6eb7d61a97859a451819a812602b329a43d5c6c602702b5275d28527add4e
SSDEEP

24576:Pa3fzCgIf1TNkreNd94227Vq0ELZmD1VUZmhVixpN:Pa3fzoG0422whZmhiZmhVixpN

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3060	51C9.tmp

Executes dropped EXE 1 IoCs

pid	Process
3060	51C9.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 3060	1020	9443dc989af2ec2ca01136fa9db63170_NEIKI.exe	79
PID 1020 wrote to memory of 3060	1020	9443dc989af2ec2ca01136fa9db63170_NEIKI.exe	79
PID 1020 wrote to memory of 3060	1020	9443dc989af2ec2ca01136fa9db63170_NEIKI.exe	79

C:\Users\Admin\AppData\Local\Temp\9443dc989af2ec2ca01136fa9db63170_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\9443dc989af2ec2ca01136fa9db63170_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Users\Admin\AppData\Local\Temp\51C9.tmp
  "C:\Users\Admin\AppData\Local\Temp\51C9.tmp"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:3060

C:\Users\Admin\AppData\Local\Temp\51C9.tmp

Filesize
943KB

MD5
acfdb860acb585b0faf4cf36536520d9

SHA1
db040b15d287cbf806e2c9362eab4c7612ba3484

SHA256
5e33c7aee9e264b229e64f1e63a285b31fda47faf86febe546f94dd4caccaa47

SHA512
08696021e59de8cfa49bf62ece1b041673631503b071f8e2b7b2780c58d80e9f98d9082d7f3fec626f748904a3449aff61f90dd7b9893a7e1d9f0531e016dbc3

Download Submit