1782ace9197c0f0ab9975ed6fbe93a42652bdb2833f7b723c45c8b9ababa9c29

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 06:30

Target

903b120bd6893030e54428bfeea0e590_NeikiAnalytics.exe
Size

79KB
MD5

903b120bd6893030e54428bfeea0e590
SHA1

b89c0e79fcbb8fe8d60895ed30015e3cd94f3a78
SHA256

1782ace9197c0f0ab9975ed6fbe93a42652bdb2833f7b723c45c8b9ababa9c29
SHA512

9fd27be23c59e2bdb59f18ff65b10a3468f4ea782a0cbe3419db888066ff8b28b4a03a90833033540e60c45553229a26381c886a1e886aacc476091b450fe875
SSDEEP

1536:zv0IAhkxR/QlJUOQA8AkqUhMb2nuy5wgIP0CSJ+5yTB8GMGlZ5G:zvKWxR/IHGdqU7uy5w9WMyTN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
552	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2440	2312	903b120bd6893030e54428bfeea0e590_NeikiAnalytics.exe	83
PID 2312 wrote to memory of 2440	2312	903b120bd6893030e54428bfeea0e590_NeikiAnalytics.exe	83
PID 2312 wrote to memory of 2440	2312	903b120bd6893030e54428bfeea0e590_NeikiAnalytics.exe	83
PID 2440 wrote to memory of 552	2440	cmd.exe	84
PID 2440 wrote to memory of 552	2440	cmd.exe	84
PID 2440 wrote to memory of 552	2440	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\903b120bd6893030e54428bfeea0e590_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\903b120bd6893030e54428bfeea0e590_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:552

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
aa58a312b6d5e3963c86f847c34cc5d2

SHA1
f12f5c3f11f53e38fc7f28e2d3135e34577b6825

SHA256
14421b0f0792471f285eaf6abb190198babb1c8f5625c71a0da0aba497dafacc

SHA512
fc1e1ab3b71d93e76eeba86eaa18057fe59d82f6a8241af7a6868338c37ef73cd0c467dee90d0f8dad9b2922027d594be009ef0ca8d4f2b4a2e50e82fef794e9

Download Submit
memory/552-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2312-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download