b509b0bc60edd14668baabc8d885fcc7230eb5ce969db8ca4773529164d7f735

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 21:37

Target

03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe
Size

79KB
MD5

03e74ca7f846a73135c09deded0be740
SHA1

86ae7def097a6d05c0b14b6a078ee60346363661
SHA256

b509b0bc60edd14668baabc8d885fcc7230eb5ce969db8ca4773529164d7f735
SHA512

38b30ac6d5e2737b066bd27dab3912d5d0953dbcbe65f792aa953e9915ff34e1608e72fb785bf616abc3b6bbd6e341ffccbb7da3e67492a2b04f31688ee65cb1
SSDEEP

1536:zvLL///iH7AtfIrRjOQA8AkqUhMb2nuy5wgIP0CSJ+5y2B8GMGlZ5G:zvf///iH7+fUQGdqU7uy5w9WMy2N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
692	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 2312	5072	03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe	83
PID 5072 wrote to memory of 2312	5072	03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe	83
PID 5072 wrote to memory of 2312	5072	03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe	83
PID 2312 wrote to memory of 692	2312	cmd.exe	84
PID 2312 wrote to memory of 692	2312	cmd.exe	84
PID 2312 wrote to memory of 692	2312	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:692

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4c5048ed7e17865d89b97a688abb7bc7

SHA1
ae6a039939b7d4a28e596da68c3d9ac90c0a4324

SHA256
041653d8774b5bc759b60be407d34e18cc28ebac45fe15830882883316e5bc28

SHA512
17d18b99cd11812a8359b1a542d738537952d01b07099649fe0be5b925ba6102cd3b84d5a9f2518ee3c4891dc4b282e42657b7045c33f6d792e28f7c4046e620

Download Submit
memory/692-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5072-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download