e17a44fb53ce14974fd699211f5e96d6064589e7ab462a30d567050bf0ca03f4

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 10:11

Target

bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe
Size

79KB
MD5

bfe0b77a44de4bad21c25f744eac5370
SHA1

9627a3c75425226d03183675553b087170814968
SHA256

e17a44fb53ce14974fd699211f5e96d6064589e7ab462a30d567050bf0ca03f4
SHA512

01eb8536c801326a0ab30fd29dac210e4b276ceaadea6a102fd0571b92997e6068f53195844f14c3b7e922a249b515cec367765e1988304189c2f9b2e9cbdf2a
SSDEEP

1536:zvAGxcVqjZf0T78OQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvAGGIfO9GdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3172	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 3788	3624	bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe	84
PID 3624 wrote to memory of 3788	3624	bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe	84
PID 3624 wrote to memory of 3788	3624	bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe	84
PID 3788 wrote to memory of 3172	3788	cmd.exe	85
PID 3788 wrote to memory of 3172	3788	cmd.exe	85
PID 3788 wrote to memory of 3172	3788	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3788
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3172

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8467b04226385eb1531871552dcb539c

SHA1
651ca4279e5021623806438633b1d2072325b49c

SHA256
ce5237f1a539c54240e3ca9c9d873743475915a488228259eee2b4237468ecf8

SHA512
b7787dfb30d840da9caeb66775bdab2258776680c7295310cd890fac1a6aacc04095272d54bdd85809eb89f71e8c993dc288e530e46f8e7e42570dbc38e47523

Download Submit
memory/3172-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3624-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download