3937842d3f18d6f4950314d3f52c1b9f38fcf523234d4fb3081640d5013c19b0

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 03:20

Target

5af2e457250d2847c93b752a2f733330_NeikiAnalytics.exe
Size

79KB
MD5

5af2e457250d2847c93b752a2f733330
SHA1

62d343aa8f0e2d956b1043ef4a922ebac5815e3c
SHA256

3937842d3f18d6f4950314d3f52c1b9f38fcf523234d4fb3081640d5013c19b0
SHA512

b4b18fe445f141222e7cdf0b7365faf795789c393a9e76671a3e33f855306760699e211f1b8de4d89da1ff9deffe1087914c8a8d0ed2f485e1c88cf8ad1782fd
SSDEEP

1536:zvKxifeJrDfME+2+OQA8AkqUhMb2nuy5wgIP0CSJ+5y8B8GMGlZ5G:zvGifgMSGdqU7uy5w9WMy8N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3180	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1100	1436	5af2e457250d2847c93b752a2f733330_NeikiAnalytics.exe	82
PID 1436 wrote to memory of 1100	1436	5af2e457250d2847c93b752a2f733330_NeikiAnalytics.exe	82
PID 1436 wrote to memory of 1100	1436	5af2e457250d2847c93b752a2f733330_NeikiAnalytics.exe	82
PID 1100 wrote to memory of 3180	1100	cmd.exe	83
PID 1100 wrote to memory of 3180	1100	cmd.exe	83
PID 1100 wrote to memory of 3180	1100	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\5af2e457250d2847c93b752a2f733330_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5af2e457250d2847c93b752a2f733330_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1100
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3180

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d10de50c6b783a0cc8f0b10e31651033

SHA1
2eb4aa9a7f40a1eeb7e8f12dbcb67dde8b572bdd

SHA256
029d014a1391e17b722f452f70ccd2b235003ba470bcda9e9d9b77010842f77b

SHA512
17684d2d6c6f76d5fc7ed80c0420132706efbab6679778ed73a1c65d8ea9821c72b5920499c5f14019bb3c412a86348081e3395feefa97444e2150fc0396accb

Download Submit
memory/1436-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3180-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download