2c937b0e574f0ac89a605c4bd701f9e9ab3e59fe82c6b4d87b0b2c2dcdc81ad7

Analysis

max time kernel
140s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 10:49

Target

c8976a8ed52c9cc3359c50fee78e3a00_NeikiAnalytics.exe
Size

79KB
MD5

c8976a8ed52c9cc3359c50fee78e3a00
SHA1

cdba3b7ececd29a4ba7bb6069a1aac41a5f893e2
SHA256

2c937b0e574f0ac89a605c4bd701f9e9ab3e59fe82c6b4d87b0b2c2dcdc81ad7
SHA512

14f3a1e4aaa58a36b7b97bc0ecdbd1e4bb3c94427c0f2f732ed4fc6f9201c1af0d3623c40e83adfb977bf34c359feb6083f099d885cba62d13a8aa026d11ba70
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1448	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 1772	1028	c8976a8ed52c9cc3359c50fee78e3a00_NeikiAnalytics.exe	83
PID 1028 wrote to memory of 1772	1028	c8976a8ed52c9cc3359c50fee78e3a00_NeikiAnalytics.exe	83
PID 1028 wrote to memory of 1772	1028	c8976a8ed52c9cc3359c50fee78e3a00_NeikiAnalytics.exe	83
PID 1772 wrote to memory of 1448	1772	cmd.exe	84
PID 1772 wrote to memory of 1448	1772	cmd.exe	84
PID 1772 wrote to memory of 1448	1772	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\c8976a8ed52c9cc3359c50fee78e3a00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c8976a8ed52c9cc3359c50fee78e3a00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1448

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
45da5ebfa22b424b29a8567e4bf96dd7

SHA1
5fbd6bc72e50fa8f59b4d8def4ae1489eb3fe1f1

SHA256
5e203c744b511f3d911386ba38f368cef7dd5aa97911ed0cb881dc646363eef0

SHA512
e19e6693157337009dff202dc446430766c96f849f617bf190fe54b7f914ee966220480521786c8ff3765a7daee40d50430106f6d25e3236ca8900bc9e373d6e

Download Submit
memory/1028-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1448-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download