695aa1891ace0d53a376dc9c8d4e9b3233c364be37d44b68afc4e6a44f88622a

Analysis

max time kernel
133s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 04:44

Target

d492746670031de8a2894419b88a5410_NEIKI.exe
Size

79KB
MD5

d492746670031de8a2894419b88a5410
SHA1

1834290607da59167cdcd317b0213dd3731531fb
SHA256

695aa1891ace0d53a376dc9c8d4e9b3233c364be37d44b68afc4e6a44f88622a
SHA512

10aad6fb7f3e7aab05247fae781bf8463ef151b735c9c812e39d6be572037425edc9f6c4fd11d30c3778dfc76aa646c9846e0778dc7ef853f74598545006a631
SSDEEP

1536:zvORT9Dfdsz9qOkOQA8AkqUhMb2nuy5wgIP0CSJ+5y8B8GMGlZ5G:zvYDGVBGdqU7uy5w9WMy8N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1776	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 2936	4604	d492746670031de8a2894419b88a5410_NEIKI.exe	86
PID 4604 wrote to memory of 2936	4604	d492746670031de8a2894419b88a5410_NEIKI.exe	86
PID 4604 wrote to memory of 2936	4604	d492746670031de8a2894419b88a5410_NEIKI.exe	86
PID 2936 wrote to memory of 1776	2936	cmd.exe	87
PID 2936 wrote to memory of 1776	2936	cmd.exe	87
PID 2936 wrote to memory of 1776	2936	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\d492746670031de8a2894419b88a5410_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\d492746670031de8a2894419b88a5410_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1776

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d3a7545f0aef40350e0136ae331111c6

SHA1
f575eb773dca537e6aa57facd69f7033f6fff3b8

SHA256
3587c8ebfd002530d815eca3accea8e9ed83b4c9023c4faa87f37a0af707a3c2

SHA512
b05276576b46f086fedaf219610c79cb2c4766dd54464668badebc1832ea843680246765d036bb6bfc824ae34f64f323167273320ae38dbe4d8a343db3b8c03c

Download Submit
memory/1776-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4604-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download