367f2a7221a749b24df1bfc78dddc6df6db21d494e571a347b9394a91aee5381

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:30

Target

7ea37fe978800af84bf29703c88e23d0_NeikiAnalytics.exe
Size

79KB
MD5

7ea37fe978800af84bf29703c88e23d0
SHA1

acbf617fbf2b0dc87584b4c40ed887729dd3c301
SHA256

367f2a7221a749b24df1bfc78dddc6df6db21d494e571a347b9394a91aee5381
SHA512

1fdbd7f7f61a4df3f02f46badf6e04e5821b86f00a169f7c8d0fd41dbb7101de551f6058717dc9920916c98c8ae01e22e9ddbcc7e9b1034f3f90d64b1b069f09
SSDEEP

1536:zv2CgLZHzb2xsiOQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zvsLhFHGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3780	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3620	2928	7ea37fe978800af84bf29703c88e23d0_NeikiAnalytics.exe	83
PID 2928 wrote to memory of 3620	2928	7ea37fe978800af84bf29703c88e23d0_NeikiAnalytics.exe	83
PID 2928 wrote to memory of 3620	2928	7ea37fe978800af84bf29703c88e23d0_NeikiAnalytics.exe	83
PID 3620 wrote to memory of 3780	3620	cmd.exe	84
PID 3620 wrote to memory of 3780	3620	cmd.exe	84
PID 3620 wrote to memory of 3780	3620	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\7ea37fe978800af84bf29703c88e23d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7ea37fe978800af84bf29703c88e23d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3620
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3780

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9fc140096ac94fd93626c0a7a2a63616

SHA1
81429b1d6c95ff2c4281d6b427b0de1860e0627f

SHA256
22df4bd2dc8d709506e88f785c0805398a4dd61bc10dfe691f4677044faceede

SHA512
a4389fc79153879d43fa1da4e5d5796618ecf3f4ebda7c765548c97241642023883dab0326122d5ca7ca110f2deb42dbd9e32d94c0e334e47c8cc3919b2278ae

Download Submit
memory/2928-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3780-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download