75e00f11639e6e1746c86833f0b3b984ae43572878a8f5311e87d954ef4a945a

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 02:29

Target

4d7d2682b4906d078648a91becc8c0e0_NeikiAnalytics.exe
Size

79KB
MD5

4d7d2682b4906d078648a91becc8c0e0
SHA1

f77879921f404bac2b28ee68f67c996c6490c177
SHA256

75e00f11639e6e1746c86833f0b3b984ae43572878a8f5311e87d954ef4a945a
SHA512

eb74ca9443ab7dceec4bc5bb1206aab22f5c5b04d77a912020e1edcae87129fbd46f65d5110c0e264bcce6325bab823d1d35fe3a213abfe3a96d869ead58960c
SSDEEP

1536:zvpoooXM5F0qfhj2ipNOQA8AkqUhMb2nuy5wgIP0CSJ+5y2B8GMGlZ5G:zvpoooE062VGdqU7uy5w9WMy2N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3012	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4424	4664	4d7d2682b4906d078648a91becc8c0e0_NeikiAnalytics.exe	83
PID 4664 wrote to memory of 4424	4664	4d7d2682b4906d078648a91becc8c0e0_NeikiAnalytics.exe	83
PID 4664 wrote to memory of 4424	4664	4d7d2682b4906d078648a91becc8c0e0_NeikiAnalytics.exe	83
PID 4424 wrote to memory of 3012	4424	cmd.exe	84
PID 4424 wrote to memory of 3012	4424	cmd.exe	84
PID 4424 wrote to memory of 3012	4424	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\4d7d2682b4906d078648a91becc8c0e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d7d2682b4906d078648a91becc8c0e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4424
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3012

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
98e7631b13efad87cf738547d567340a

SHA1
6227c6f9e786ef4818d8acce48cc39c736884e8f

SHA256
b8a28b750836983d9149b15c2703e76cfa9868b18023b81f2cc429c9cfb6d89c

SHA512
1aa1028849d573f5d4b91eca3d42dd95bcd1f2ff3c2585141c10370aeb5e306e0b6ccebc45475cb8f5cca006f699cc94bc705b9cd4bfad154d2fb10a112bb5ef

Download Submit
memory/3012-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4664-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download