fea72a3c86573fc87d876b6fb78f2589ec2943f1b27957496add9f9f714b137b

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 03:15

Target

59860e6b9a8e34504bff0afcd94a2960_NeikiAnalytics.exe
Size

79KB
MD5

59860e6b9a8e34504bff0afcd94a2960
SHA1

18ebe0ad15634f05fd2a887202a97981295041c5
SHA256

fea72a3c86573fc87d876b6fb78f2589ec2943f1b27957496add9f9f714b137b
SHA512

55efa7239236ce904bfbb2bbb0549e49db18168056c2ffb444cf3ec95ee0cc8a2d7b9322b4337dbea35c243491a3423892668a759fabd22b2bf17de1432b0409
SSDEEP

1536:zvFTzZwU22BeTU1qgAOQA8AkqUhMb2nuy5wgIP0CSJ+5yqB8GMGlZ5G:zvFTmPUnqgVGdqU7uy5w9WMyqN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3668	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 1132	1548	59860e6b9a8e34504bff0afcd94a2960_NeikiAnalytics.exe	81
PID 1548 wrote to memory of 1132	1548	59860e6b9a8e34504bff0afcd94a2960_NeikiAnalytics.exe	81
PID 1548 wrote to memory of 1132	1548	59860e6b9a8e34504bff0afcd94a2960_NeikiAnalytics.exe	81
PID 1132 wrote to memory of 3668	1132	cmd.exe	82
PID 1132 wrote to memory of 3668	1132	cmd.exe	82
PID 1132 wrote to memory of 3668	1132	cmd.exe	82

C:\Users\Admin\AppData\Local\Temp\59860e6b9a8e34504bff0afcd94a2960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\59860e6b9a8e34504bff0afcd94a2960_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1132
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3668

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
51f2edbbdc50e8e15d734cfd499c8423

SHA1
33846ceb9611969c481ff10b2224ed51e9a06977

SHA256
b12692f20d1888c30e26158c0156acd6f92d4a930f6e3e32b6158c57a34b6d83

SHA512
e427f4a8fdbad976781b51ee32de609cd7678d199f1059cc5bfedf5a74a9ecd79e3d0d3343b978b2a15cb5815b8c11657451fea79d23462904118258e47ec7b1

Download Submit
memory/1548-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3668-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download