bffce2e35c19e104713d1d4f76b18495ece14da9543476faea879dccf59a5d9c

Analysis

max time kernel
137s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 07:49

Target

a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe
Size

79KB
MD5

a5d23a6e67e3ba4fc128f67c35ffcfa0
SHA1

415d04c0fb41610ceac9f57d867903153f2577a3
SHA256

bffce2e35c19e104713d1d4f76b18495ece14da9543476faea879dccf59a5d9c
SHA512

db999d02d7ec9440d832be256e055eeb67188814b9f84358ea5d1254488cda865e6dc9892599d369e3dc79aa229ba6ad442f6907ae673dfc7b2f842d29b4fe88
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5yvB8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMyvN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
372	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3232	2388	a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe	85
PID 2388 wrote to memory of 3232	2388	a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe	85
PID 2388 wrote to memory of 3232	2388	a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe	85
PID 3232 wrote to memory of 372	3232	cmd.exe	86
PID 3232 wrote to memory of 372	3232	cmd.exe	86
PID 3232 wrote to memory of 372	3232	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3232
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:372

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c1089734b5875240918786e5c4fee8fd

SHA1
c660e5d5cde45365f844341ad9a37ea1c97c6044

SHA256
f8fad0754c0f649b8231c00b434064b30e8ad8c7a2babf58ce6c4755ebdd6f80

SHA512
054980b9976c88ad91c46075133b82fb2a00549da8aa2590d42152613ff72a58e61d4236eab6ea9916aaea02ce71b0181fca08eb15a74ca088c0d53cc406ccb2

Download Submit
memory/372-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2388-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download