3b96fd5f9c5f06d53d988092120059b851e967b0c95ed0df418e0835298a7a43

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:09

Target

794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe
Size

79KB
MD5

794b4619915ed26dd845a184ef163500
SHA1

13acd2c1e6a44296a6a1831f717b0797883da516
SHA256

3b96fd5f9c5f06d53d988092120059b851e967b0c95ed0df418e0835298a7a43
SHA512

55a6eabb4994f58eb45915c21ce25b81104544dd956b3e0d1f463599c656516b8f16b069124044a30e2b7df5080a1942c922558d48459b1961a5c7186529ca07
SSDEEP

1536:zvOAQ/EOZ0jubUE1OQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvyCjubEGdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
864	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 4068	1504	794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe	84
PID 1504 wrote to memory of 4068	1504	794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe	84
PID 1504 wrote to memory of 4068	1504	794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe	84
PID 4068 wrote to memory of 864	4068	cmd.exe	85
PID 4068 wrote to memory of 864	4068	cmd.exe	85
PID 4068 wrote to memory of 864	4068	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4068
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:864

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d3e7d317b62a6e9edf30966622a9abad

SHA1
45bd875e4fbe9309100a2818d5aec10ff6edb992

SHA256
017fc5c1745cce88c276e27e65c365158b8ea24aa0f2ccc4dcddd1531593e7e8

SHA512
efb0cf7483522812ae851dd0867f13784f919593e273dc8bfe7bb3e61db3d7ff24032a841d8684039ec9b8b83c5f086483514c3ec9a7f746adca00e38c42a6ed

Download Submit
memory/864-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1504-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download