72139fa0c2645983de7c4d8152990ca31cfe7d61bd4f09810ec1e072aad53fd0

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 04:30

Target

cfda4f6981fe1f3ee38dddee9e2f9050_NEIKI.exe
Size

79KB
MD5

cfda4f6981fe1f3ee38dddee9e2f9050
SHA1

ebb087365533ee27e17c03a3b5c36db86e9edfe5
SHA256

72139fa0c2645983de7c4d8152990ca31cfe7d61bd4f09810ec1e072aad53fd0
SHA512

afb7de06c40fe4c2be82245b56040abfd350148c06e6b0e23c71021b7b82711225595251e780e6d0f9b6d9537bacc4aef26eb1fbc543f139234dab04761851fa
SSDEEP

1536:zvT7uOoAwg4YQn3COQA8AkqUhMb2nuy5wgIP0CSJ+5y+tB8GMGlZ5G:zv+OoT3GdqU7uy5w9WMy2N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2984	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2480	cmd.exe
2480	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2480	2240	cfda4f6981fe1f3ee38dddee9e2f9050_NEIKI.exe	29
PID 2240 wrote to memory of 2480	2240	cfda4f6981fe1f3ee38dddee9e2f9050_NEIKI.exe	29
PID 2240 wrote to memory of 2480	2240	cfda4f6981fe1f3ee38dddee9e2f9050_NEIKI.exe	29
PID 2240 wrote to memory of 2480	2240	cfda4f6981fe1f3ee38dddee9e2f9050_NEIKI.exe	29
PID 2480 wrote to memory of 2984	2480	cmd.exe	30
PID 2480 wrote to memory of 2984	2480	cmd.exe	30
PID 2480 wrote to memory of 2984	2480	cmd.exe	30
PID 2480 wrote to memory of 2984	2480	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\cfda4f6981fe1f3ee38dddee9e2f9050_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\cfda4f6981fe1f3ee38dddee9e2f9050_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2984

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
73dc0752bf3242a10536ee8e0f745df3

SHA1
8a83bd85153b18188a50c465adc15080e3cd8dea

SHA256
d5e81c3ff79f3e23dc412fed51d759ceac38ffcf5aff4554308741f281a0706d

SHA512
b9f9c3883f95971b2971a6afb31b08f41a7391f954801e565b56955a2627f3da1d438b5c3b42fcb03ef39e6ef0af7de8a84d9735e734c6a9167d9a0909a46e37

Download Submit
memory/2240-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2984-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download