40095d535b7a5c85477f32e01c5cffd05f038aec9f35cb67ccef896be1cafc73

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 22:09

Target

0b7de0617cb266e9e501c98e71bb5400_NeikiAnalytics.exe
Size

79KB
MD5

0b7de0617cb266e9e501c98e71bb5400
SHA1

82cb1cd3596d4a8e8b7cda636edb5a3b14e6a2d0
SHA256

40095d535b7a5c85477f32e01c5cffd05f038aec9f35cb67ccef896be1cafc73
SHA512

1b70e12570dc70dc977df1863ea7cdfd8b161c4535525d76b3e136ac016d5603c0a47037a542a9a6bd1e1d19dab9ceb38e90ef92605bb3331aed256006eee221
SSDEEP

1536:zvXObzfMmFJA4r0BOQA8AkqUhMb2nuy5wgIP0CSJ+5yMB8GMGlZ5G:zvXOnkmw4rdGdqU7uy5w9WMyMN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3988	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 4660	372	0b7de0617cb266e9e501c98e71bb5400_NeikiAnalytics.exe	82
PID 372 wrote to memory of 4660	372	0b7de0617cb266e9e501c98e71bb5400_NeikiAnalytics.exe	82
PID 372 wrote to memory of 4660	372	0b7de0617cb266e9e501c98e71bb5400_NeikiAnalytics.exe	82
PID 4660 wrote to memory of 3988	4660	cmd.exe	83
PID 4660 wrote to memory of 3988	4660	cmd.exe	83
PID 4660 wrote to memory of 3988	4660	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\0b7de0617cb266e9e501c98e71bb5400_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b7de0617cb266e9e501c98e71bb5400_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4660
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3988

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
74b3048c25081d1bacd9a08f578af178

SHA1
2ae0d6a8bbf2b2c7a63a0aa2ea22f91dfacd3765

SHA256
8a11529b83c2658011f203512b284d7cf53fe8c926214e7c5fd3d94b0839c813

SHA512
25dd83b6750e9addec04c24398666339843f2de228cc833e0582f1831a5d941c33ae8f605ccd0fafe0346349dd269ecc1ff0349c2a241ebc865e3f64d347beaa

Download Submit
memory/372-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3988-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download