029e5ba44c8e60fe679508b655f5507ab7138d385289258d3d11dc2325019b6c

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 06:30

Target

f7d1bba23308ea6d9191ad5e393ac8d0_NEIKI.exe
Size

79KB
MD5

f7d1bba23308ea6d9191ad5e393ac8d0
SHA1

d892f39449ba96a17a5e01d4fc3e0ff30256e6a2
SHA256

029e5ba44c8e60fe679508b655f5507ab7138d385289258d3d11dc2325019b6c
SHA512

0c72f546a6b927b9987fb2f8d2df13fef869fe31ee54e4ebe1b2e76d259dde1d8819bdd1c9c84f18fab82c8c5208306b4fbd068cf29ea7d790ae16f660f6a726
SSDEEP

1536:zvnkjhiUanSOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zvnZbXGdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
396	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 4052	4660	f7d1bba23308ea6d9191ad5e393ac8d0_NEIKI.exe	86
PID 4660 wrote to memory of 4052	4660	f7d1bba23308ea6d9191ad5e393ac8d0_NEIKI.exe	86
PID 4660 wrote to memory of 4052	4660	f7d1bba23308ea6d9191ad5e393ac8d0_NEIKI.exe	86
PID 4052 wrote to memory of 396	4052	cmd.exe	87
PID 4052 wrote to memory of 396	4052	cmd.exe	87
PID 4052 wrote to memory of 396	4052	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\f7d1bba23308ea6d9191ad5e393ac8d0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\f7d1bba23308ea6d9191ad5e393ac8d0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:396

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
50b26d012d407af7db0839af0a2cabd5

SHA1
5227562a39ac6760b43770a25c477618abe1e8e0

SHA256
e34886ef06a154b051f231d3e0f896cebf870a38c4064d1559acc22148510034

SHA512
6118f24a2fb0f0ee587d14612363bbc4ac3508d3eea02e5ab446e275c435be4d0854d838147a0b153d3e51bc79edb0bbd3c93762ac3f29b4976c101cfc881f2b

Download Submit
memory/396-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4660-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download