7e256345100a00fb4026b355547d218f8710f67ee3e036e8cd7d41436f7b04f4

Analysis

max time kernel
140s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 07:06

Target

9ac53c2591fc3519441adcc92fbf9900_NeikiAnalytics.exe
Size

79KB
MD5

9ac53c2591fc3519441adcc92fbf9900
SHA1

8b39d08821f92aaeda7c67bfd4d6b2477b08becb
SHA256

7e256345100a00fb4026b355547d218f8710f67ee3e036e8cd7d41436f7b04f4
SHA512

0be158b3c0fd9311be86c7a4cccfb80885de32358c23b6e0c8f5086dcc91c69597899c505d6a91257d54122881b42bec6cce1e82a8adcc007de2e1f9b3581759
SSDEEP

1536:zvDsG4JxfZRe6RIFnzUmJfOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zvYc5zpJWGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3500	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2716	2912	9ac53c2591fc3519441adcc92fbf9900_NeikiAnalytics.exe	83
PID 2912 wrote to memory of 2716	2912	9ac53c2591fc3519441adcc92fbf9900_NeikiAnalytics.exe	83
PID 2912 wrote to memory of 2716	2912	9ac53c2591fc3519441adcc92fbf9900_NeikiAnalytics.exe	83
PID 2716 wrote to memory of 3500	2716	cmd.exe	84
PID 2716 wrote to memory of 3500	2716	cmd.exe	84
PID 2716 wrote to memory of 3500	2716	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\9ac53c2591fc3519441adcc92fbf9900_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9ac53c2591fc3519441adcc92fbf9900_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3500

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
b8cc36e9a2dcb202adc54b40c508c027

SHA1
74f69ff4c3abe6eff2ec2e6a00addf2142d175de

SHA256
97345ddc20b8f614baf532ca5efde7550955d15c9fab3e9af0344aefeb07a299

SHA512
bf4ab1b6a1df0d07cc9cadda2ec5fad04d6325b67e8d3a7f58bd5c1f4beb4bbe25fb5f04c40c467cd081daff708aa3d2dee128d0ded058c157dce9aa5a54e93f

Download Submit
memory/2912-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3500-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download