82ef103d8760044212fcbd795b39a0d6d9a91e227673ddf127f6ab8851a9c0d8

Analysis

max time kernel
136s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 08:22

Target

28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe
Size

79KB
MD5

28266f13e8e2f0bfdaef4abd6990a340
SHA1

05fd6bfa84e49d59151b979ddee1465bde0112df
SHA256

82ef103d8760044212fcbd795b39a0d6d9a91e227673ddf127f6ab8851a9c0d8
SHA512

3bdf50d9478bfe989f6847416192665f3993e51827328e0ffa1a61ba3035f505300c2f9ee3291fdd1c9c1cf9a835c5ee3e7824762a1c21ffea9843d7d24bf70f
SSDEEP

1536:zvKxifeJrDfME+2+OQA8AkqUhMb2nuy5wgIP0CSJ+5yQB8GMGlZ5G:zvGifgMSGdqU7uy5w9WMyQN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
536	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 1392	3564	28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe	84
PID 3564 wrote to memory of 1392	3564	28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe	84
PID 3564 wrote to memory of 1392	3564	28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe	84
PID 1392 wrote to memory of 536	1392	cmd.exe	85
PID 1392 wrote to memory of 536	1392	cmd.exe	85
PID 1392 wrote to memory of 536	1392	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\28266f13e8e2f0bfdaef4abd6990a340_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1392
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:536

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bff182789439782a6a8f17debdde3f54

SHA1
6af7b18a9ab738b30f6f44f08f50df4203da90f3

SHA256
822d5da54dad5c87d75754f8f95b19a585d56d82da4301164ff1cdceffcfc47b

SHA512
cec2a05bd7fbe0d39ba50407a7e6fad77750c14e10a3e58c46f1ebd7de199d963613d24a4d10f479d22b5b91f4b6ca151e24387e123044b1df1635cb9c381aa1

Download Submit
memory/536-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3564-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download