d449b3c22920dcd6cfbb4605f2f225edb495a7300eda04e7f10b8b87276e9651

Analysis

max time kernel
93s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:38

Target

e2eaada65b35e44941ce32047b9ae6f0_NeikiAnalytics.exe
Size

79KB
MD5

e2eaada65b35e44941ce32047b9ae6f0
SHA1

87f2cdc0f3f8c7d7e424e87647eac73c17acd882
SHA256

d449b3c22920dcd6cfbb4605f2f225edb495a7300eda04e7f10b8b87276e9651
SHA512

4b1dcedf5b215c33a3f28b3a82fd25d76747aa8107102dd341f748d8612c36c34bdce27c9a046739388549606516c6470ebdcb6fc87b7999355f8a53814fe5c9
SSDEEP

1536:zvQFxWrhuqoWnMxOQA8AkqUhMb2nuy5wgIP0CSJ+5yDB8GMGlZ5G:zvQFx/0MAGdqU7uy5w9WMyDN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4064	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 1284	916	e2eaada65b35e44941ce32047b9ae6f0_NeikiAnalytics.exe	83
PID 916 wrote to memory of 1284	916	e2eaada65b35e44941ce32047b9ae6f0_NeikiAnalytics.exe	83
PID 916 wrote to memory of 1284	916	e2eaada65b35e44941ce32047b9ae6f0_NeikiAnalytics.exe	83
PID 1284 wrote to memory of 4064	1284	cmd.exe	84
PID 1284 wrote to memory of 4064	1284	cmd.exe	84
PID 1284 wrote to memory of 4064	1284	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\e2eaada65b35e44941ce32047b9ae6f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e2eaada65b35e44941ce32047b9ae6f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1284
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4064

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5332285962f1e903a4bdd39bd0dcc271

SHA1
3c328f1792d8f52e265e5d926363b2c270b7758a

SHA256
658f3425df8e2d4cafe2f83e04a5c74f2ec2833cc507b8f8a82881e4595df0e8

SHA512
2c88643b859050ee1fb59d5d68779d743d0202b7036a6c8e1b92c154cea3a5c67ca5dea7939f905cb54c1145ffef493ec79c1c69c0caf35167027b805e027872

Download Submit
memory/916-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4064-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download