03897df0bd1a28cc478bb204c3abc4622492622add85d40ddc9cab0bd3faedc9

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 04:26

Target

6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe
Size

79KB
MD5

6cfa34f8c42c3cab13db74fae331f970
SHA1

3bfdba3ab9c13efd41ec7431a14604c6ca0584b2
SHA256

03897df0bd1a28cc478bb204c3abc4622492622add85d40ddc9cab0bd3faedc9
SHA512

c9e384e1aa9526388c08e8a3a86d6842c6e6746626cdb8e895810e1f9f8869ed6578e6d2e6af8e62d1502a460d8eb349a2d2886cd286175cd967c32fb90353e4
SSDEEP

1536:zvf6IcE+NURbOQA8AkqUhMb2nuy5wgIP0CSJ+5ywB8GMGlZ5G:zvEE+NmKGdqU7uy5w9WMywN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3136	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 3812	3304	6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe	83
PID 3304 wrote to memory of 3812	3304	6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe	83
PID 3304 wrote to memory of 3812	3304	6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe	83
PID 3812 wrote to memory of 3136	3812	cmd.exe	84
PID 3812 wrote to memory of 3136	3812	cmd.exe	84
PID 3812 wrote to memory of 3136	3812	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3812
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3136

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3fcca6c0b7c6cae01802ff6f7180b230

SHA1
20050c80251ed36c662caed131a308ceaf9944f7

SHA256
77159911fe5c6ed3583ea1c1e4b704f575ae4504590d3144910ca05a0fe09abb

SHA512
b72e1de42d1afa2e7a6d95ba59342b8e48fbc2d013664b215d145bc5f14ea30f92bc32ee246504664309f1cd17ddd973c0e0050e4a35e6090e76cf4388feafa9

Download Submit
memory/3136-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3304-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download