60e3b3c02f49701527f3821a517d5c75e5643d0b497527ec80c2f974b00549d8

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 00:58

Target

8587377a1a522511ed8e17ed6130bcb0_NEIKI.exe
Size

79KB
MD5

8587377a1a522511ed8e17ed6130bcb0
SHA1

265e17ead0714fcabe555f2eda8abf27bca5e647
SHA256

60e3b3c02f49701527f3821a517d5c75e5643d0b497527ec80c2f974b00549d8
SHA512

ce18112f56534baa659ef8493270629ce25509f25987476c4746a141c8195333aa6e7ac1e2c5e1eb05b4e1e52843556cca6b36be19bd3d77a0167c665a8c454a
SSDEEP

1536:zvOAQ/EOZ0jubUE1OQA8AkqUhMb2nuy5wgIP0CSJ+5ylB8GMGlZ5G:zvyCjubEGdqU7uy5w9WMylN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3556	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 2084	4504	8587377a1a522511ed8e17ed6130bcb0_NEIKI.exe	84
PID 4504 wrote to memory of 2084	4504	8587377a1a522511ed8e17ed6130bcb0_NEIKI.exe	84
PID 4504 wrote to memory of 2084	4504	8587377a1a522511ed8e17ed6130bcb0_NEIKI.exe	84
PID 2084 wrote to memory of 3556	2084	cmd.exe	85
PID 2084 wrote to memory of 3556	2084	cmd.exe	85
PID 2084 wrote to memory of 3556	2084	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\8587377a1a522511ed8e17ed6130bcb0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\8587377a1a522511ed8e17ed6130bcb0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3556

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4efb93bdd058ec6f9d51cf5165f7f1c5

SHA1
e03463d022d472b2b95845de825b3783a7a65178

SHA256
2c1b662275992d8c04e2d183eadb20d17a16b49f140dbb49686ee3bb4c6bf6de

SHA512
a416538a429935f640153e2a7096fa62580d03c1c47d6f297c53097e921b2359658ce739737ca870f1c2cb7cb59914900344b7fa7120ae7ca110f8abdf7904e0

Download Submit
memory/3556-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4504-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download