2cab6e4e41d9c2ac64a33dbfc739fabbfc21a71ddbcd28ebc416842894f22f2d

Analysis

max time kernel
140s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 00:56

Target

34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe
Size

79KB
MD5

34cfddf586011ee8ec3abd7e186b66b0
SHA1

a0c3f65bf87d6cd5bda2b20c2a118a400887e7d1
SHA256

2cab6e4e41d9c2ac64a33dbfc739fabbfc21a71ddbcd28ebc416842894f22f2d
SHA512

ef58479722074ef90de5ba4377177e78b0760c9101c72c8ef72c1cb93bf3dd92219d4c225314eaa270e9ff441635259634e7b7c9c0e63bc0af6eb43e261a7d29
SSDEEP

1536:zvxVDuD1AYrOQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zvPqT6GdqU7uy5w9WMyON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3216	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2372	2268	34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe	83
PID 2268 wrote to memory of 2372	2268	34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe	83
PID 2268 wrote to memory of 2372	2268	34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe	83
PID 2372 wrote to memory of 3216	2372	cmd.exe	84
PID 2372 wrote to memory of 3216	2372	cmd.exe	84
PID 2372 wrote to memory of 3216	2372	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3216

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
538a5a7a99148ac1a6867df3967db5a8

SHA1
e91ff3c01aef37ab53062338fa77c81dc511c3aa

SHA256
043372a05da11dd7e9f03feb054785dfd23f27352595d24b3c9682e45533ce72

SHA512
3b6cc9eccdb5730952ea35fd6882679ba9d968b4e7ebad9cfae4467b479a1aa01c55abcc9b7e29592a0545ceb4af50ff39ef73c793bbd52ea2d60ab7e0f51288

Download Submit
memory/2268-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3216-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download