0d1cd06e5e0fc404fc40f83bb0f84a75ac19e4529dfb9e2b4b49519ab7cfac53

Analysis

max time kernel
138s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:34

Target

7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe
Size

73KB
MD5

7fc8eac723c51babc30e811d12517b90
SHA1

c506d0e6ab3d47539d911821aec6082a198c8628
SHA256

0d1cd06e5e0fc404fc40f83bb0f84a75ac19e4529dfb9e2b4b49519ab7cfac53
SHA512

ef68af0f49df4cb6f07303b6a1291776cb5d03f017849479dfe6679dff23f5be6172a10b027d9c11893c66dd31c0c9a03e0f5adb475c57d67209cee49ec9d161
SSDEEP

1536:hb7nBr6k84jyqPdK5QPqfhVWbdsmA+RjPFLC+e5hT0ZGUGf2g:h3V5XLNPqfcxA+HFshTOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2000	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 872	4392	7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe	84
PID 4392 wrote to memory of 872	4392	7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe	84
PID 4392 wrote to memory of 872	4392	7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe	84
PID 872 wrote to memory of 2000	872	cmd.exe	85
PID 872 wrote to memory of 2000	872	cmd.exe	85
PID 872 wrote to memory of 2000	872	cmd.exe	85
PID 2000 wrote to memory of 4372	2000	[email protected]	86
PID 2000 wrote to memory of 4372	2000	[email protected]	86
PID 2000 wrote to memory of 4372	2000	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2000
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4372

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
cf2d80bb1bf808341d8cdaa536375258

SHA1
c0577a17d176a50ad3176f1c802347e010621cb0

SHA256
3ff81de8a187c17eeb7052a157eba37894d54b850fe58f38674b8b04619af709

SHA512
ce8408fbe3605106c838d06346007226b82100f3e7f61e0958c50171943a885f12223f00ce08d8d70ec85731718ab0b17eef9cf36ca7daa0f3da4ed30d4f717d

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/2000-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4392-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download