df7fb1f927b10c503eca538f92fa87c08a6a47690b272386906daa2c4ba51124

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 03:08

Target

57aeae1d9ae522bda65d38582737b060_NeikiAnalytics.exe
Size

79KB
MD5

57aeae1d9ae522bda65d38582737b060
SHA1

ae7d4298658edb759e13e62bbd5d4f8ae0e10e0e
SHA256

df7fb1f927b10c503eca538f92fa87c08a6a47690b272386906daa2c4ba51124
SHA512

19f0657bd356bd280c99e00836266dff8f92eaa33feeb1adde1de07ea32cbbc51f5b0e2fb4f272890cf1069b03ace0a8d22cc41984343907ecea138db22d8235
SSDEEP

1536:zvto4eBdpfySdxOQA8AkqUhMb2nuy5wgIP0CSJ+5yzB8GMGlZ5G:zv23BdpfySdAGdqU7uy5w9WMyzN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2708	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2616	2980	57aeae1d9ae522bda65d38582737b060_NeikiAnalytics.exe	83
PID 2980 wrote to memory of 2616	2980	57aeae1d9ae522bda65d38582737b060_NeikiAnalytics.exe	83
PID 2980 wrote to memory of 2616	2980	57aeae1d9ae522bda65d38582737b060_NeikiAnalytics.exe	83
PID 2616 wrote to memory of 2708	2616	cmd.exe	84
PID 2616 wrote to memory of 2708	2616	cmd.exe	84
PID 2616 wrote to memory of 2708	2616	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\57aeae1d9ae522bda65d38582737b060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\57aeae1d9ae522bda65d38582737b060_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2708

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5b93c18a1482c6702d5df020f64463f3

SHA1
63531ce9c6077a31ec4aaca0b8e5c3a512823076

SHA256
9350f8f1b6e5b77339f1b49a3f69ab853ced342f8db17ce71ede1a37bda44920

SHA512
99b68b1fc027ba518d0afff31ffc6d4312ab338cc0576fd9ebef13c37ca528c8c39a9bf72ef2ba314f3d42bf2dcfac06f288745ce8173eb6f1c79812408374ed

Download Submit
memory/2708-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2980-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download