d6db35a1071f105e7cffa8b539eb16831765a00db94afaeac8a71fe5aec83eaa

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 11:00

Target

cb5a9e1b0ec7f2b39c78ea8832404e40_NeikiAnalytics.exe
Size

79KB
MD5

cb5a9e1b0ec7f2b39c78ea8832404e40
SHA1

97b6ecfab92f0b10c040a174bef85311b805c8d3
SHA256

d6db35a1071f105e7cffa8b539eb16831765a00db94afaeac8a71fe5aec83eaa
SHA512

d50410d64c9fd262b5056ded61283126a2f0c41392a1f7d405b91f900757f8424c7344a0c65c43a1cdeee072a9f2ec70835cbcced22ea8518a8110947335a3e7
SSDEEP

1536:zvBUMMMNf69mmPIZETOQA8AkqUhMb2nuy5wgIP0CSJ+5yrB8GMGlZ5G:zvBUMMMNGAaSGdqU7uy5w9WMyrN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2808	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 3144	388	cb5a9e1b0ec7f2b39c78ea8832404e40_NeikiAnalytics.exe	82
PID 388 wrote to memory of 3144	388	cb5a9e1b0ec7f2b39c78ea8832404e40_NeikiAnalytics.exe	82
PID 388 wrote to memory of 3144	388	cb5a9e1b0ec7f2b39c78ea8832404e40_NeikiAnalytics.exe	82
PID 3144 wrote to memory of 2808	3144	cmd.exe	83
PID 3144 wrote to memory of 2808	3144	cmd.exe	83
PID 3144 wrote to memory of 2808	3144	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\cb5a9e1b0ec7f2b39c78ea8832404e40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cb5a9e1b0ec7f2b39c78ea8832404e40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:388
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3144
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2808

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
89cb3b5e3eb36833e724f20455254a99

SHA1
1b33468ff2c19bb76824e801ba5835959ed1d7f8

SHA256
7cb9dfe9263efd9daf2fab9166474b1069fbb6ebe6a420cd30e96bc1a9dd9d05

SHA512
8ca4503963736588b8903ee4f5898f06721308b65483e1919406bbca23dc86b85b002ea70755063632e4e1c51becaa19d5fa382e0e96f9643fbb3c2de903ad57

Download Submit
memory/388-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2808-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download