978cf744d578a68dfc2cedbb5484e848d0eeafb946a1d2dd057bd3a044aaa088

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 22:27

Target

1097c806e66bbc82fbffa44fc81f56c0_NeikiAnalytics.exe
Size

79KB
MD5

1097c806e66bbc82fbffa44fc81f56c0
SHA1

74582f438040eab8ea132ed371bdb25eb4f8dcc7
SHA256

978cf744d578a68dfc2cedbb5484e848d0eeafb946a1d2dd057bd3a044aaa088
SHA512

a0eec3a36811bad90502d2b2a10c9a76228e6318a02ee020b96714cf96ebea9db0e204f173fcc4f3aef4dae5de113fd6a78a9f29005fc5c7c78df6f87d46383f
SSDEEP

1536:zvNY1FBub1Ht0OQA8AkqUhMb2nuy5wgIP0CSJ+5yPB8GMGlZ5G:zvNQFexGdqU7uy5w9WMyPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
464	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1220	2156	1097c806e66bbc82fbffa44fc81f56c0_NeikiAnalytics.exe	84
PID 2156 wrote to memory of 1220	2156	1097c806e66bbc82fbffa44fc81f56c0_NeikiAnalytics.exe	84
PID 2156 wrote to memory of 1220	2156	1097c806e66bbc82fbffa44fc81f56c0_NeikiAnalytics.exe	84
PID 1220 wrote to memory of 464	1220	cmd.exe	85
PID 1220 wrote to memory of 464	1220	cmd.exe	85
PID 1220 wrote to memory of 464	1220	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\1097c806e66bbc82fbffa44fc81f56c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1097c806e66bbc82fbffa44fc81f56c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1220
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:464

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d6fad0fcf69df728f63e5d3add73a1ab

SHA1
bf888ce376164ab6dc31cd38a3ee37d2c50a00cf

SHA256
0921c7b2f07697ed79dd154b098424ccdabc3e0f2aa06947782fc03fe0aa8faa

SHA512
635dd28154d580a46b46a2a9a15b786e5ee9c73293526bb33ca8c8a36a8af963d15f4c3b58c5de89dde37c286abc70edf2967437bfece6d20b04e606c00a59de

Download Submit
memory/464-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2156-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download