ade801bb27ca0ac6ace38d6d6304a42c069da1d93905ec7a632f3ecfc0329a98

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 00:20

Target

2b3533d3308e5a58260fe6159fa401c0_NeikiAnalytics.exe
Size

73KB
MD5

2b3533d3308e5a58260fe6159fa401c0
SHA1

423052e971d3eb8f886390915a73810db71ed8fc
SHA256

ade801bb27ca0ac6ace38d6d6304a42c069da1d93905ec7a632f3ecfc0329a98
SHA512

da744a8ac28e7342abcd48d0ad67ac94a3ba26f4b10a225ecc92d563c460e67458cd5445a851f6515bc1d0f1cc7f601a2a6b23604b666e46fb04ad236b17d731
SSDEEP

1536:hbkaWqFWZmj2aZK5QPqfhVWbdsmA+RjPFLC+e5hU0ZGUGf2g:hwa5XCONPqfcxA+HFshUOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2256	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 1168	4928	2b3533d3308e5a58260fe6159fa401c0_NeikiAnalytics.exe	82
PID 4928 wrote to memory of 1168	4928	2b3533d3308e5a58260fe6159fa401c0_NeikiAnalytics.exe	82
PID 4928 wrote to memory of 1168	4928	2b3533d3308e5a58260fe6159fa401c0_NeikiAnalytics.exe	82
PID 1168 wrote to memory of 2256	1168	cmd.exe	83
PID 1168 wrote to memory of 2256	1168	cmd.exe	83
PID 1168 wrote to memory of 2256	1168	cmd.exe	83
PID 2256 wrote to memory of 2360	2256	[email protected]	84
PID 2256 wrote to memory of 2360	2256	[email protected]	84
PID 2256 wrote to memory of 2360	2256	[email protected]	84

C:\Users\Admin\AppData\Local\Temp\2b3533d3308e5a58260fe6159fa401c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2b3533d3308e5a58260fe6159fa401c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1168
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2360

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
8411b030697e2c2e9ac3742ad1abdeb1

SHA1
cf548b7c2e333f8029e7816289e0f5b1ddeda751

SHA256
e397276318f7e88d18ead72c5c67a95a28f1b8be801547c7d820552053311445

SHA512
830e456ca23a92d4b2bf492316f48f649d9da12c3df18517572621c185b596360892a7180a4304b5d273c4e13cc90b06e67268d4128e564bdf043c1672775cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/2256-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4928-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download