818ff3de518dd9fe4a45af17adb1f7a07e10ef4f6651a6b1f3368d4273dc3e26

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 05:45

Target

e905ef9e77d7541f0fbd1cc647fa7550_NEIKI.exe
Size

79KB
MD5

e905ef9e77d7541f0fbd1cc647fa7550
SHA1

8eac181fbad2309b4491657a09483f98f4796018
SHA256

818ff3de518dd9fe4a45af17adb1f7a07e10ef4f6651a6b1f3368d4273dc3e26
SHA512

7202a1292c1cc5a1eab6de3014e1e391678e393b4eb9d5c8f19a867f5ddf475e38b9639628a9f2de3482539a10b68720fddb0abd17b7e789acbea8281c73b8e0
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5yLB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3840	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 4148	4616	e905ef9e77d7541f0fbd1cc647fa7550_NEIKI.exe	84
PID 4616 wrote to memory of 4148	4616	e905ef9e77d7541f0fbd1cc647fa7550_NEIKI.exe	84
PID 4616 wrote to memory of 4148	4616	e905ef9e77d7541f0fbd1cc647fa7550_NEIKI.exe	84
PID 4148 wrote to memory of 3840	4148	cmd.exe	85
PID 4148 wrote to memory of 3840	4148	cmd.exe	85
PID 4148 wrote to memory of 3840	4148	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\e905ef9e77d7541f0fbd1cc647fa7550_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\e905ef9e77d7541f0fbd1cc647fa7550_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4148
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3840

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1955782022d947b86735c9aba264f945

SHA1
b79f8097abe88e45865218fa1f10d9b3cfec8175

SHA256
7e6ef2ce4e8a62e69c7f9909b4b53ce1d0f37fa784ead517dacdfca6e7d7e4ba

SHA512
d1b6a5e289097405a047874e86cc22357b43cf309a101f81c17ea63151d2029a9810e37bd5fb2bfd76019f8061bcf8bdb0b7994ea4d461e79a11307d87901fec

Download Submit
memory/3840-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4616-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download