707d427a7ad3f0fcc269fbf03141ef06cda0746a497da96df061a248105906e1

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 00:33

Target

2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe
Size

79KB
MD5

2e9468c8459cdcedb492789a36c90e70
SHA1

69b2a8e20aaf7114d91a77907345bfa172302787
SHA256

707d427a7ad3f0fcc269fbf03141ef06cda0746a497da96df061a248105906e1
SHA512

0f8d74fca610fbbc7447c6adef232c7cca60086f4069e1b9b296d565de25433f629982801720d1d535ac7bb16ee624d69fc372b7a92c1d5e892847411156bef3
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yhB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyhN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3160	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 2336	228	2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe	83
PID 228 wrote to memory of 2336	228	2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe	83
PID 228 wrote to memory of 2336	228	2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe	83
PID 2336 wrote to memory of 3160	2336	cmd.exe	84
PID 2336 wrote to memory of 3160	2336	cmd.exe	84
PID 2336 wrote to memory of 3160	2336	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3160

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ac52eed606175d673d49ca8a6497f5e5

SHA1
2ba89aa1889f4efaa151ef621419e8c4fb54c279

SHA256
2fdfbedb0a4c9533c9b887d137c6606e2f768b57e4b49270e2efd23e396f67f8

SHA512
ed1185ec45e4f286b9543e9eaa11933947ce9e0f4ac6db1d245ff5d9bf3c20390264d5ba1a68d3dcdbb47574ee17046f6cc1e5c50e683a7058c50087923d9206

Download Submit
memory/228-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3160-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download