537640993fff3fd646319ec6eb253fc527919708f4b2867a61d862c30fbb2f1f

Analysis

max time kernel
133s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 10:19

Target

5f8dc9af1a4a4f08b8ed6ce0e3fd79b0_NEIKI.exe
Size

123KB
MD5

5f8dc9af1a4a4f08b8ed6ce0e3fd79b0
SHA1

fede11254d9fa0a4e3aee7ee1b42e79977002b12
SHA256

537640993fff3fd646319ec6eb253fc527919708f4b2867a61d862c30fbb2f1f
SHA512

073795a35f7213cd6719041f8e4252afc619b6b528f0eea25b2358709f5b8ce200562d39dabcac6a565399fe2d6b03a3792d66ce8f5bf5653184f7c17ea070d5
SSDEEP

3072:s/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSnzt:vtzsb5Uh28+V1WW69B9VjMdxPedN9ugx

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 3708	1440	5f8dc9af1a4a4f08b8ed6ce0e3fd79b0_NEIKI.exe	86
PID 1440 wrote to memory of 3708	1440	5f8dc9af1a4a4f08b8ed6ce0e3fd79b0_NEIKI.exe	86
PID 3708 wrote to memory of 1988	3708	cmd.exe	87
PID 3708 wrote to memory of 1988	3708	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\5f8dc9af1a4a4f08b8ed6ce0e3fd79b0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\5f8dc9af1a4a4f08b8ed6ce0e3fd79b0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3BD0.tmp\3BD1.tmp\3BD2.bat C:\Users\Admin\AppData\Local\Temp\5f8dc9af1a4a4f08b8ed6ce0e3fd79b0_NEIKI.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3708
- - C:\Windows\system32\mode.com
    mode 100.99
    3⤵
    PID:1988

C:\Users\Admin\AppData\Local\Temp\3BD0.tmp\3BD1.tmp\3BD2.bat

Filesize
687B

MD5
3a851d006446ccb597700a013c60e87c

SHA1
d2d79d2be3943f98b9838f97fd5306d2be414183

SHA256
c46bffeeaf8c837a4e4e30d971d41992d501a872ae98ea5812280aa6aec98cb8

SHA512
2b81cd96e41a02b17b444d083f29c15f02039e2e0dcc18be74af8dc7deb6c77aae064e7b5bd760d2721f0e745e27e2d568e2ce1c7fe38371407daa64fba798f6

Download Submit