693411ab9a276c0b02bece1fae53ec8d20ff364b01dc501ac31a0ed5fd1f808d

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 15:22

Target

eceaed41650b9c17ed032afed61b93d0_NEIKI.exe
Size

73KB
MD5

eceaed41650b9c17ed032afed61b93d0
SHA1

226686835d80126ab572ad01d3a9ca257e3c1b9d
SHA256

693411ab9a276c0b02bece1fae53ec8d20ff364b01dc501ac31a0ed5fd1f808d
SHA512

35ea464401b7cfce9b4d9494cb8fb9f63a9200da72368d91b2ead6158ed038b9d36b2dfc57193959f5eb0395342170c1014d9dceafb524def6b4176df48378be
SSDEEP

1536:1bPd6aXUhvYMwRHoly48kXA9pD9fWZ/bwPsaqPc1KqvV2mjPx8:Ji2Mt8kQ9p9fSbwPEPQ1/d8

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3200	arfomim-doab.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\arfomim-doab.exe	eceaed41650b9c17ed032afed61b93d0_NEIKI.exe
File created	C:\Windows\SysWOW64\arfomim-doab.exe	eceaed41650b9c17ed032afed61b93d0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\eceaed41650b9c17ed032afed61b93d0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\eceaed41650b9c17ed032afed61b93d0_NEIKI.exe"
1⤵
- Drops file in System32 directory
PID:1504
- C:\Windows\SysWOW64\arfomim-doab.exe
  "C:\Windows\SysWOW64\arfomim-doab.exe"
  2⤵
  - Executes dropped EXE
  PID:3200

C:\Windows\SysWOW64\arfomim-doab.exe

Filesize
70KB

MD5
0d76b50c45e0778779d65ff55945028d

SHA1
16c82be01a39284fa36335f36196711ff734bf08

SHA256
2830bf7ccfce736e5aecc35475fc8af602caa8379a0922335d1f1b38b9c3f7d5

SHA512
3eab67a7608ca35657fe1da1e29c45938fc7da1c4776dbe381dfeb31beb9a8096755703ae14bd89e4e27985429e94bfe7d3e1f03820baf24317237f5bd6b10b9

Download Submit
memory/1504-1-0x00000000773C2000-0x00000000773C3000-memory.dmp

Filesize
4KB

Download
memory/1504-4-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download