b91fc2cbeacc007ccd94ddda664322f8ebd44132a9cd25b71aa5857fb424d497

Analysis

max time kernel
138s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 07:03

Target

9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe
Size

79KB
MD5

9a08d7aab09cfa9611d9600fb9b6b050
SHA1

ecc2ec341eb4de86c71d832944055b0c2b588b28
SHA256

b91fc2cbeacc007ccd94ddda664322f8ebd44132a9cd25b71aa5857fb424d497
SHA512

28696714f3fa40835a8a8ad36d637a1f68758c21960972a3c5cb38f3525f5f68dbf4e52a44272980dfc3fbdcb4e0be083e5e072760fd5a0d77af7613bf382d7d
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1884	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 2464	4644	9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe	88
PID 4644 wrote to memory of 2464	4644	9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe	88
PID 4644 wrote to memory of 2464	4644	9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe	88
PID 2464 wrote to memory of 1884	2464	cmd.exe	89
PID 2464 wrote to memory of 1884	2464	cmd.exe	89
PID 2464 wrote to memory of 1884	2464	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1884

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1303059315c449c82d1fd99ea873bcd2

SHA1
8df225404ebbc81b1978a45cbf5f38fae267001d

SHA256
0179cf4893e3f7e404fef57d286080aeaecec785d7386b961f3f6c8e06e7b72e

SHA512
4379466aa3b43c1a1113ed6666159ddf1e6aeea99270083ad8a05cbb9fe054fb82dc11f79d217f907a27cde1e3ebaf3f5cc500b13b220e7860e2db1916296d1c

Download Submit
memory/1884-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4644-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download