c9812312cef5f725db3c6342c5fdfd323213a70c4bb20b607354bf6294499057

Analysis

max time kernel
142s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 11:55

Target

99ae58c1a5ddb4badba86f3f17e414d0_NEIKI.exe
Size

79KB
MD5

99ae58c1a5ddb4badba86f3f17e414d0
SHA1

a9d10fc2f5350785a2e669773441de52073f8d07
SHA256

c9812312cef5f725db3c6342c5fdfd323213a70c4bb20b607354bf6294499057
SHA512

bd7b13d1aecdc2b40111d2d0b1e29ddb3cf931d388b7b3a0477a1ac78725751b90fa9f6a69c4b6ab403d82e10499b50b9388020aae6267505cde2d85c59bd126
SSDEEP

1536:zvQ8yOjKe+ccOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvQRdoGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4268	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 4144	4136	99ae58c1a5ddb4badba86f3f17e414d0_NEIKI.exe	86
PID 4136 wrote to memory of 4144	4136	99ae58c1a5ddb4badba86f3f17e414d0_NEIKI.exe	86
PID 4136 wrote to memory of 4144	4136	99ae58c1a5ddb4badba86f3f17e414d0_NEIKI.exe	86
PID 4144 wrote to memory of 4268	4144	cmd.exe	87
PID 4144 wrote to memory of 4268	4144	cmd.exe	87
PID 4144 wrote to memory of 4268	4144	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\99ae58c1a5ddb4badba86f3f17e414d0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\99ae58c1a5ddb4badba86f3f17e414d0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4268

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2cff85188d0adaa3527e01743e36ab99

SHA1
76174fe81fe3fbaf869e4d4c9cb8b7c01327f062

SHA256
2ef9c59dfe99a77418e0eee45bd5b4d01d90441c96c8c6125e2fc3551658a6e4

SHA512
99dd8c65e462e8059e5fd22a002129cc68e511dc28200b8d753f4394c956ba2c66a6d714c1970a50f70e916a3629f6e54c9e0d5badc5d135c9cf4a2b2f947f3f

Download Submit
memory/4136-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4268-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download