122284809d6132697132a89bc05f7836a72f90f4985fb7f478e7ec8a80001a25

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 01:44

Target

997383c7a2ea467971f04a487f38aa20_NEIKI.exe
Size

79KB
MD5

997383c7a2ea467971f04a487f38aa20
SHA1

d6f6425907183f5de9a2403993f7bb8d0ded7a9c
SHA256

122284809d6132697132a89bc05f7836a72f90f4985fb7f478e7ec8a80001a25
SHA512

1d0970c2c85c3c26908266a107a7e33998179cf8c4273f5ccfd2355edd547bbae9954c486a542ffdfede700c3b26c9ccf881f976234c382063dae1e7000e4abf
SSDEEP

1536:zvpoooXM5F0qfhj2ipNOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zvpoooE062VGdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1604	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 4668	4396	997383c7a2ea467971f04a487f38aa20_NEIKI.exe	84
PID 4396 wrote to memory of 4668	4396	997383c7a2ea467971f04a487f38aa20_NEIKI.exe	84
PID 4396 wrote to memory of 4668	4396	997383c7a2ea467971f04a487f38aa20_NEIKI.exe	84
PID 4668 wrote to memory of 1604	4668	cmd.exe	85
PID 4668 wrote to memory of 1604	4668	cmd.exe	85
PID 4668 wrote to memory of 1604	4668	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\997383c7a2ea467971f04a487f38aa20_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\997383c7a2ea467971f04a487f38aa20_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4668
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1604

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f7c3061562fb94dbd3e2a7d35e920eda

SHA1
fa6529c4ef959df524682cdf6fcddd1bfce2284b

SHA256
bfe9fa9d44aa43c8ac3c99fcfb3f20496c23f0cb51a5da6153913af1ae79fdeb

SHA512
1d6d610cf7086a5abb940f317ded29c1f8cae9ad7d89adb46bcb2d2190fbfa4fb3dc8ae68454d4ff9ba04b10de07f2f5292116900a8d6fe1e3aa5229f2aaf895

Download Submit
memory/1604-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4396-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download