9ddc6077f243321e2ab3745af533630c12b1e70ade89d1eb85598def68430c81

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 03:50

Target

62ef7b4eec3e60712247420e9ec260e0_NeikiAnalytics.exe
Size

79KB
MD5

62ef7b4eec3e60712247420e9ec260e0
SHA1

0f6450de15078cc388585a3950e5d7e8026ce3ab
SHA256

9ddc6077f243321e2ab3745af533630c12b1e70ade89d1eb85598def68430c81
SHA512

896b2ed679bce2912164637da19b7256dcfdea12019edd1ca151d3ba3bf16afbfef12cfcada9b844aa881a9a17ca03ffc5b73060d2fd7e8fafc8a71688a5a1d2
SSDEEP

1536:zv5F8+niQuWw7OQA8AkqUhMb2nuy5wgIP0CSJ+5y7B8GMGlZ5G:zvMEuWwqGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2992	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 3496	4280	62ef7b4eec3e60712247420e9ec260e0_NeikiAnalytics.exe	83
PID 4280 wrote to memory of 3496	4280	62ef7b4eec3e60712247420e9ec260e0_NeikiAnalytics.exe	83
PID 4280 wrote to memory of 3496	4280	62ef7b4eec3e60712247420e9ec260e0_NeikiAnalytics.exe	83
PID 3496 wrote to memory of 2992	3496	cmd.exe	84
PID 3496 wrote to memory of 2992	3496	cmd.exe	84
PID 3496 wrote to memory of 2992	3496	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\62ef7b4eec3e60712247420e9ec260e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\62ef7b4eec3e60712247420e9ec260e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2992

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5060858c1df84dedcd602a01e0f185db

SHA1
6673c34ad5efb70959ec6ebcc524cf57d6cde575

SHA256
a92f5d9a3dc70e989790a4d577250db0f1b623b3ea5a5ab982c68df79a80db79

SHA512
1ca9e7b7e1fdb680605348b82e5d40f32a68f3e092421ed795722ec10568979a1a35f4438760cecabcb2251728b2d2e5211bd75cb9728a98b6b4e7ed917a6602

Download Submit
memory/2992-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4280-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download