2479f6b8fb69ecdbbd07c8dbbe02b9c326d7d63b5ce835ab763377a556309488

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 18:19

Target

0b8adbbc50900a57d1da82da7d6a44a0_NEIKI.exe
Size

79KB
MD5

0b8adbbc50900a57d1da82da7d6a44a0
SHA1

46e1bcb632e796b12b101733bf0e5826cd31da94
SHA256

2479f6b8fb69ecdbbd07c8dbbe02b9c326d7d63b5ce835ab763377a556309488
SHA512

ede417d86c9daf697845b9fb21830e145dd2766d3945f5b9b67e4a74e680ca629c11f2747467a13645f9224df9f5b7a452fbb4fda4d061763abcc663c5de8fc7
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5ytB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMytN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2932	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2972	cmd.exe
2972	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2972	2252	0b8adbbc50900a57d1da82da7d6a44a0_NEIKI.exe	29
PID 2252 wrote to memory of 2972	2252	0b8adbbc50900a57d1da82da7d6a44a0_NEIKI.exe	29
PID 2252 wrote to memory of 2972	2252	0b8adbbc50900a57d1da82da7d6a44a0_NEIKI.exe	29
PID 2252 wrote to memory of 2972	2252	0b8adbbc50900a57d1da82da7d6a44a0_NEIKI.exe	29
PID 2972 wrote to memory of 2932	2972	cmd.exe	30
PID 2972 wrote to memory of 2932	2972	cmd.exe	30
PID 2972 wrote to memory of 2932	2972	cmd.exe	30
PID 2972 wrote to memory of 2932	2972	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0b8adbbc50900a57d1da82da7d6a44a0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\0b8adbbc50900a57d1da82da7d6a44a0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2932

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7b5a22f793466f29477d76bf23678d78

SHA1
b066713ad9a1bd5e42a39008ec7f015a59319505

SHA256
cbd48a2a385c55226c452381dc562623279f6ee837bdeb8b7f407347b58ac14f

SHA512
dcf4f3094a06af3ce2c9a1fe6c0c4e07eaa272cbce2498e9a80fb6d44ddb816077848d1117d66162cb794b804794e0f5fd2b77a1414d287637d7d10cb701e089

Download Submit
memory/2252-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2932-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download