fb6cbdd84680342acb8f843b1c78f8ddcf9b291654ebea3e896cc22293edaec7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 12:55

Target

e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe
Size

79KB
MD5

e6ea35c989160d6feebe3a9ca3f83840
SHA1

dce5430bf74867a6c26c5546fe2e76ebf972b4cb
SHA256

fb6cbdd84680342acb8f843b1c78f8ddcf9b291654ebea3e896cc22293edaec7
SHA512

2dc42889d4691d34e243f66b4d9607202414c8b34634da3b37c4f8989bf41f5b69c4665080f3c9f79992a894424c37d00f5b2f5ece552da67d083e7a2517acf3
SSDEEP

1536:zvnkjhiUanSOQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zvnZbXGdqU7uy5w9WMykN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1800	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 3388	3616	e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe	83
PID 3616 wrote to memory of 3388	3616	e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe	83
PID 3616 wrote to memory of 3388	3616	e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe	83
PID 3388 wrote to memory of 1800	3388	cmd.exe	84
PID 3388 wrote to memory of 1800	3388	cmd.exe	84
PID 3388 wrote to memory of 1800	3388	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3388
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1800

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7b95ee6eecfac36627e23aa978916d2e

SHA1
4d3620e0d21282ac1a0cbdfad4d41a584632c6df

SHA256
6d8757da697a7f8e6d7e51e876a0632d10529c2be99e346e583b24846b08f189

SHA512
935007b0f6ace09af8bd28871d028736106adf0aff73d45f5b08580e6ed2d8f57240c8ac704ddcbf71813a51ccc10a68103c2057885f7e3a715a2ce909c747cd

Download Submit
memory/1800-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3616-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download