6885e04a544ad8fa205ceea2ba30556b70b3ba28feb7831ac9573fa1cbf071d7

Analysis

max time kernel
133s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 02:01

Target

a01cdaec6528a511a52bc21c27161e00_NEIKI.exe
Size

80KB
MD5

a01cdaec6528a511a52bc21c27161e00
SHA1

e4a28f90d4983b9f695ffa9c31ad78b41ead5486
SHA256

6885e04a544ad8fa205ceea2ba30556b70b3ba28feb7831ac9573fa1cbf071d7
SHA512

cdc534ccaaaa556a5ea12dbb0e613cc1530cfafba7ccce257c5f1481a27231bcd8cd2eb7cb7d7d95fb329acb20ad68327f8f07b2e67efd75736674fc062d148f
SSDEEP

1536:vPA/IAt1hxMZVlfQv6QHJv+O2HetSEgScJc7HmD24GW0CmuJd4BXL:3AQA7hxmlfQ5pv+O2+8EyJcUBbd45

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1036	a01cdaec6528a511a52bc21c27161e00_NEIKI.exe

Executes dropped EXE 1 IoCs

pid	Process
1036	a01cdaec6528a511a52bc21c27161e00_NEIKI.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/724-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0009000000023b15-11.dat	upx
behavioral2/memory/1036-12-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
724	a01cdaec6528a511a52bc21c27161e00_NEIKI.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
724	a01cdaec6528a511a52bc21c27161e00_NEIKI.exe
1036	a01cdaec6528a511a52bc21c27161e00_NEIKI.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 1036	724	a01cdaec6528a511a52bc21c27161e00_NEIKI.exe	84
PID 724 wrote to memory of 1036	724	a01cdaec6528a511a52bc21c27161e00_NEIKI.exe	84
PID 724 wrote to memory of 1036	724	a01cdaec6528a511a52bc21c27161e00_NEIKI.exe	84

C:\Users\Admin\AppData\Local\Temp\a01cdaec6528a511a52bc21c27161e00_NEIKI.exe

Filesize
80KB

MD5
d640424e29e11f6b1212de58a4664ff4

SHA1
fcae11f0d687785576f74c1e59ee5cd5da2546ab

SHA256
b6bd788afbeb267091a710b3620d8c2f0137ca6142f73522d594553bea79f039

SHA512
c81bc84bb0b6fe9e9e8ba5a5e1211d604cf527371dea950f7c3252968169c4f92f2bd0285b503bf894f211b348f3e75b67ad6983bfa6500989389f57d2f02a14

Download Submit
memory/724-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/724-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/724-1-0x00000000001B0000-0x00000000001BE000-memory.dmp

Filesize
56KB

Download
memory/724-13-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1036-12-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1036-14-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/1036-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1036-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1036-25-0x00000000014C0000-0x00000000014DB000-memory.dmp

Filesize
108KB

Download
memory/1036-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download