e4f8de0e623bcb09e14e0b6b63991759bf8498a3722974890de4b1f199c588af

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 04:38

Target

d28bf21cff89c34058c7469d313e38c0_NEIKI.exe
Size

79KB
MD5

d28bf21cff89c34058c7469d313e38c0
SHA1

9a748af1e7384ca0858d8ccf1030ed1b8dcd2b9c
SHA256

e4f8de0e623bcb09e14e0b6b63991759bf8498a3722974890de4b1f199c588af
SHA512

42ab8b7c340bc47460b843747532df28a95b46fb9f5467ca700397d1f4ad948feafe8c4bed2879d53f0dfe96c21b231a12ff5b7d9a8445a728b12816f37202db
SSDEEP

1536:zvtWgNR4gnuf/mNv4OQA8AkqUhMb2nuy5wgIP0CSJ+5y9B8GMGlZ5G:zvtWgcBf+vdGdqU7uy5w9WMy9N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
288	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2316	cmd.exe
2316	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2316	2364	d28bf21cff89c34058c7469d313e38c0_NEIKI.exe	29
PID 2364 wrote to memory of 2316	2364	d28bf21cff89c34058c7469d313e38c0_NEIKI.exe	29
PID 2364 wrote to memory of 2316	2364	d28bf21cff89c34058c7469d313e38c0_NEIKI.exe	29
PID 2364 wrote to memory of 2316	2364	d28bf21cff89c34058c7469d313e38c0_NEIKI.exe	29
PID 2316 wrote to memory of 288	2316	cmd.exe	30
PID 2316 wrote to memory of 288	2316	cmd.exe	30
PID 2316 wrote to memory of 288	2316	cmd.exe	30
PID 2316 wrote to memory of 288	2316	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\d28bf21cff89c34058c7469d313e38c0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\d28bf21cff89c34058c7469d313e38c0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:288

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d0d163a9abcfe85847b92aff3c4b558a

SHA1
3c117a142ed5dc4292913b81984232a9918d086c

SHA256
77d8f59b94a00b1ade8d203367466ac5c647784222c34b7a5e2e406f4ab49437

SHA512
cf5d354049c55479617b80237f7938ee917df2b545cdc4e6a59c5d7cd6dd34ef4d8afb9b7362de980cc018a8cc9738ee24b0ca66168f965efcd4c1236ff756f7

Download Submit
memory/288-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2364-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download