5000e8ed0447b436236a543f51bc991d3765ffde6fef9e58b669e8db267085d1

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 04:29

Target

6da4f7a136494bc016e0bf3569268b30_NeikiAnalytics.exe
Size

79KB
MD5

6da4f7a136494bc016e0bf3569268b30
SHA1

72f9c3d59587bee5ddcde440d9f249043ce1e5c6
SHA256

5000e8ed0447b436236a543f51bc991d3765ffde6fef9e58b669e8db267085d1
SHA512

07899cc61c67077c9bdc8b5161b1886de6cac73384d6da55fb48166f1bc8d147af02037bded6761ad460e98da6589b546069f53941ada95744a432bfb99fba47
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5y+B8GMGlZ5G:zv652PjGdqU7uy5w9WMy+N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
432	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 4364	3536	6da4f7a136494bc016e0bf3569268b30_NeikiAnalytics.exe	82
PID 3536 wrote to memory of 4364	3536	6da4f7a136494bc016e0bf3569268b30_NeikiAnalytics.exe	82
PID 3536 wrote to memory of 4364	3536	6da4f7a136494bc016e0bf3569268b30_NeikiAnalytics.exe	82
PID 4364 wrote to memory of 432	4364	cmd.exe	83
PID 4364 wrote to memory of 432	4364	cmd.exe	83
PID 4364 wrote to memory of 432	4364	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\6da4f7a136494bc016e0bf3569268b30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6da4f7a136494bc016e0bf3569268b30_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4364
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:432

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4575c7d40e70c0dd61afd90e783acedf

SHA1
4cd067cbcc037d130f4a28eceddcbabee1bb7de2

SHA256
be7c3a6616c7ab2ae062ca92474e61ffe6abec2334c2b7c39ff09a22314ae720

SHA512
1756c573d14ed97543e6ef9c5beb897d8496841d91fd5165cdf9e6d87175ec808f08ef9247cebdb8f23370bc85e4dad5fcfcd017222ca9a8cea4b7fa20169eb2

Download Submit
memory/432-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3536-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download