559dd0e6b97d0be856e46ef6ade8683a3f9a5f28030cb7d694a5555ef2e2b9c0

Analysis

max time kernel
131s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 14:12

Target

ee92544dd341e4df771c7301e8cacca0_NeikiAnalytics.exe
Size

73KB
MD5

ee92544dd341e4df771c7301e8cacca0
SHA1

eac886c6faed3b8292443a90fe152d9d2f909a14
SHA256

559dd0e6b97d0be856e46ef6ade8683a3f9a5f28030cb7d694a5555ef2e2b9c0
SHA512

9fc674b6e4fc45aa1cf888ba3d6fa137ffeed7f3e7eb5a88782054a591addd2ae9938542ec0d4d716f2227ec289c0a192db302955ff2933650bbf15f31f901e5
SSDEEP

1536:hbe2f0xXOeK5QPqfhVWbdsmA+RjPFLC+e5hx0ZGUGf2g:hH0hbNPqfcxA+HFshxOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
944	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 1728	2556	ee92544dd341e4df771c7301e8cacca0_NeikiAnalytics.exe	85
PID 2556 wrote to memory of 1728	2556	ee92544dd341e4df771c7301e8cacca0_NeikiAnalytics.exe	85
PID 2556 wrote to memory of 1728	2556	ee92544dd341e4df771c7301e8cacca0_NeikiAnalytics.exe	85
PID 1728 wrote to memory of 944	1728	cmd.exe	86
PID 1728 wrote to memory of 944	1728	cmd.exe	86
PID 1728 wrote to memory of 944	1728	cmd.exe	86
PID 944 wrote to memory of 3812	944	[email protected]	87
PID 944 wrote to memory of 3812	944	[email protected]	87
PID 944 wrote to memory of 3812	944	[email protected]	87

C:\Users\Admin\AppData\Local\Temp\ee92544dd341e4df771c7301e8cacca0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ee92544dd341e4df771c7301e8cacca0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:944
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:3812

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
de682013d57088548fdb58c1c5c868cc

SHA1
0272306c1ae9bff26e951b3994b5bd572bc66767

SHA256
ea0466c303e8c2dddedc9d7b873fbec539fccfa5d7ae8e8540511a508ac46b73

SHA512
c71681f86175a510844d4f4422329e6b437714f21e2fbc8a8ea5ce3f8e243b51e7d1fcaf9f3af9a4e244b8a33e5e1113166ace5a95af97fff3e1e71c0f5781a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/944-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2556-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download