11a1c2d680f6fe50575a38ae37045bda702520eb622533cc841f09e3774a55ee

Analysis

max time kernel
136s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 03:58

Target

c55c7294818c6ff81b770219a1ccc0a0_NEIKI.exe
Size

73KB
MD5

c55c7294818c6ff81b770219a1ccc0a0
SHA1

3aee13e24b7e4d758fefda5a0b19a22a620e9538
SHA256

11a1c2d680f6fe50575a38ae37045bda702520eb622533cc841f09e3774a55ee
SHA512

91b7dab65cf60ad515cc44bfdae290c0255583c7ee91aa1c1ec33bb760fd310e226ee461290c9809f43088900dc941f420a3da4d9e3a10329879d71b009244d3
SSDEEP

1536:hbHOE2e7wuNK5QPqfhVWbdsmA+RjPFLC+e5h50ZGUGf2g:haEFwuNNPqfcxA+HFsh5Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4792	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 3276	2444	c55c7294818c6ff81b770219a1ccc0a0_NEIKI.exe	84
PID 2444 wrote to memory of 3276	2444	c55c7294818c6ff81b770219a1ccc0a0_NEIKI.exe	84
PID 2444 wrote to memory of 3276	2444	c55c7294818c6ff81b770219a1ccc0a0_NEIKI.exe	84
PID 3276 wrote to memory of 4792	3276	cmd.exe	85
PID 3276 wrote to memory of 4792	3276	cmd.exe	85
PID 3276 wrote to memory of 4792	3276	cmd.exe	85
PID 4792 wrote to memory of 4476	4792	[email protected]	86
PID 4792 wrote to memory of 4476	4792	[email protected]	86
PID 4792 wrote to memory of 4476	4792	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\c55c7294818c6ff81b770219a1ccc0a0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\c55c7294818c6ff81b770219a1ccc0a0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3276
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4792
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4476

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
4b48797038818818b2d64aed6f8998af

SHA1
753cbbb1823229994a3ac74e4ae66e9ca9509739

SHA256
a35a8e73fe57fcacfa9080e83194364ea4e0dcae8e7a962c59074b0b8f6a7993

SHA512
a9ea8a9b53e546efa89a73be8ce2edc8822d3f07215b49a08b88a22ef310ccb02859ca883c41110298fb26e107e362031419f9d25221275f394dd8b9411da65b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/2444-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4792-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download