82ef103d8760044212fcbd795b39a0d6d9a91e227673ddf127f6ab8851a9c0d8

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 08:22

Target

28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe
Size

79KB
MD5

28266f13e8e2f0bfdaef4abd6990a340
SHA1

05fd6bfa84e49d59151b979ddee1465bde0112df
SHA256

82ef103d8760044212fcbd795b39a0d6d9a91e227673ddf127f6ab8851a9c0d8
SHA512

3bdf50d9478bfe989f6847416192665f3993e51827328e0ffa1a61ba3035f505300c2f9ee3291fdd1c9c1cf9a835c5ee3e7824762a1c21ffea9843d7d24bf70f
SSDEEP

1536:zvKxifeJrDfME+2+OQA8AkqUhMb2nuy5wgIP0CSJ+5yQB8GMGlZ5G:zvGifgMSGdqU7uy5w9WMyQN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2204	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2404	cmd.exe
2404	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2404	2740	28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe	29
PID 2740 wrote to memory of 2404	2740	28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe	29
PID 2740 wrote to memory of 2404	2740	28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe	29
PID 2740 wrote to memory of 2404	2740	28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe	29
PID 2404 wrote to memory of 2204	2404	cmd.exe	30
PID 2404 wrote to memory of 2204	2404	cmd.exe	30
PID 2404 wrote to memory of 2204	2404	cmd.exe	30
PID 2404 wrote to memory of 2204	2404	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2204

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bff182789439782a6a8f17debdde3f54

SHA1
6af7b18a9ab738b30f6f44f08f50df4203da90f3

SHA256
822d5da54dad5c87d75754f8f95b19a585d56d82da4301164ff1cdceffcfc47b

SHA512
cec2a05bd7fbe0d39ba50407a7e6fad77750c14e10a3e58c46f1ebd7de199d963613d24a4d10f479d22b5b91f4b6ca151e24387e123044b1df1635cb9c381aa1

Download Submit
memory/2204-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2740-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download