e4f8de0e623bcb09e14e0b6b63991759bf8498a3722974890de4b1f199c588af

Analysis

max time kernel
131s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 04:38

Target

d28bf21cff89c34058c7469d313e38c0_NEIKI.exe
Size

79KB
MD5

d28bf21cff89c34058c7469d313e38c0
SHA1

9a748af1e7384ca0858d8ccf1030ed1b8dcd2b9c
SHA256

e4f8de0e623bcb09e14e0b6b63991759bf8498a3722974890de4b1f199c588af
SHA512

42ab8b7c340bc47460b843747532df28a95b46fb9f5467ca700397d1f4ad948feafe8c4bed2879d53f0dfe96c21b231a12ff5b7d9a8445a728b12816f37202db
SSDEEP

1536:zvtWgNR4gnuf/mNv4OQA8AkqUhMb2nuy5wgIP0CSJ+5y9B8GMGlZ5G:zvtWgcBf+vdGdqU7uy5w9WMy9N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4684	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 1012	540	d28bf21cff89c34058c7469d313e38c0_NEIKI.exe	85
PID 540 wrote to memory of 1012	540	d28bf21cff89c34058c7469d313e38c0_NEIKI.exe	85
PID 540 wrote to memory of 1012	540	d28bf21cff89c34058c7469d313e38c0_NEIKI.exe	85
PID 1012 wrote to memory of 4684	1012	cmd.exe	86
PID 1012 wrote to memory of 4684	1012	cmd.exe	86
PID 1012 wrote to memory of 4684	1012	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\d28bf21cff89c34058c7469d313e38c0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\d28bf21cff89c34058c7469d313e38c0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1012
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4684

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d0d163a9abcfe85847b92aff3c4b558a

SHA1
3c117a142ed5dc4292913b81984232a9918d086c

SHA256
77d8f59b94a00b1ade8d203367466ac5c647784222c34b7a5e2e406f4ab49437

SHA512
cf5d354049c55479617b80237f7938ee917df2b545cdc4e6a59c5d7cd6dd34ef4d8afb9b7362de980cc018a8cc9738ee24b0ca66168f965efcd4c1236ff756f7

Download Submit
memory/540-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4684-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download