334a259e6f7f7a6d524a48544009d0ef5362f6356282a75457b5c149d7f325e8

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 22:19

Target

0e3c1a09d44aa5d011692889526bcd50_NeikiAnalytics.exe
Size

79KB
MD5

0e3c1a09d44aa5d011692889526bcd50
SHA1

9d320fdce1188ba5f3fd70c992cd6e7d8b16345b
SHA256

334a259e6f7f7a6d524a48544009d0ef5362f6356282a75457b5c149d7f325e8
SHA512

4e960c1271db703b4eae329e529dd2c92bddb4b40be88bb1ff9bcafd01fac09a158629ba71a4997a0bd5bac88ef5e5f685ce635b7a48eae3a3f60f74a67e0546
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5ykBB8GMGlZ5G:zv652PjGdqU7uy5w9WMykBN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3988	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 3784	1180	0e3c1a09d44aa5d011692889526bcd50_NeikiAnalytics.exe	83
PID 1180 wrote to memory of 3784	1180	0e3c1a09d44aa5d011692889526bcd50_NeikiAnalytics.exe	83
PID 1180 wrote to memory of 3784	1180	0e3c1a09d44aa5d011692889526bcd50_NeikiAnalytics.exe	83
PID 3784 wrote to memory of 3988	3784	cmd.exe	84
PID 3784 wrote to memory of 3988	3784	cmd.exe	84
PID 3784 wrote to memory of 3988	3784	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\0e3c1a09d44aa5d011692889526bcd50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e3c1a09d44aa5d011692889526bcd50_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3784
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3988

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
99f43ee75585ff894432f6400626fddd

SHA1
09bd10053d444722c0de0147bbaa2d0af711d70c

SHA256
525a2b25f62efce79118a66b3bd7d5776fdbd9fdfeab12ce964406f4e993bcb3

SHA512
2aa24e8b53d6cd5d3cd223429219fcc9a7b2348ccbd79cee9650437903b0bf22dafd7b0792d8b9e4af5fc2d399ecfe6317a405c8246c6284f399aed644479eca

Download Submit
memory/1180-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3988-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download