50c42995a3813533c4d7925d2916b956664bdeffe2b1a17750c9cbdaa452b118

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:50

Target

e5cc71cf2edab8e384cf9b0aa7bd04a0_NeikiAnalytics.exe
Size

73KB
MD5

e5cc71cf2edab8e384cf9b0aa7bd04a0
SHA1

8757dc49422c83c681566ad1978ec70dd00301c0
SHA256

50c42995a3813533c4d7925d2916b956664bdeffe2b1a17750c9cbdaa452b118
SHA512

fefd78a9b8e563df58da908e8396050eaf78d4596a4245cca9c1cb7579a5dca980c77f255a7043f52ca74f8bffd7e671abd0c24977e3ae1ebfde861cbdad02ec
SSDEEP

1536:hbNjSnYUgmmK5QPqfhVWbdsmA+RjPFLC+e5h20ZGUGf2g:hmYv3NPqfcxA+HFsh2Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3760	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1064	1868	e5cc71cf2edab8e384cf9b0aa7bd04a0_NeikiAnalytics.exe	84
PID 1868 wrote to memory of 1064	1868	e5cc71cf2edab8e384cf9b0aa7bd04a0_NeikiAnalytics.exe	84
PID 1868 wrote to memory of 1064	1868	e5cc71cf2edab8e384cf9b0aa7bd04a0_NeikiAnalytics.exe	84
PID 1064 wrote to memory of 3760	1064	cmd.exe	85
PID 1064 wrote to memory of 3760	1064	cmd.exe	85
PID 1064 wrote to memory of 3760	1064	cmd.exe	85
PID 3760 wrote to memory of 3232	3760	[email protected]	86
PID 3760 wrote to memory of 3232	3760	[email protected]	86
PID 3760 wrote to memory of 3232	3760	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\e5cc71cf2edab8e384cf9b0aa7bd04a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e5cc71cf2edab8e384cf9b0aa7bd04a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1064
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3760
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:3232

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
4190216af5e569536f4952632a90bd9d

SHA1
eee5ce6758a1e14d6af7d45114a152135dcbe9e3

SHA256
82d54cbaa11cb1c2e44464eb7d0bef71596636726140b71871ad0f800209dece

SHA512
82be3038b5686b7fd5b201dd084fb0ca533235918f9e10cb16d2f775af58e33f4478ff68aea42030143c2eef1064d765a09330616b5d91a012104ee9174613c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/1868-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3760-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download