0783365e6e517427358fcb46b8f5139f5836b72e6c64217c4287d100b4ebb252

Analysis

max time kernel
134s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 02:24

Target

7f5344b18aa96ceca9ea538c1223b410_NeikiAnalytics.exe
Size

79KB
MD5

7f5344b18aa96ceca9ea538c1223b410
SHA1

5eb2d1388f4c52cdd1522ec31b367285b92dc8af
SHA256

0783365e6e517427358fcb46b8f5139f5836b72e6c64217c4287d100b4ebb252
SHA512

812bfefe8faa6ece2501c87df092db6b3535e35683929ac9a7e48148f1027b4e4f1f7272b0780c4040456b5cc172a6844be7e0c8ee01fad8d0411b9abafcea05
SSDEEP

1536:zvtWgNR4gnuf/mNv4OQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zvtWgcBf+vdGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2340	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 2960	3252	7f5344b18aa96ceca9ea538c1223b410_NeikiAnalytics.exe	83
PID 3252 wrote to memory of 2960	3252	7f5344b18aa96ceca9ea538c1223b410_NeikiAnalytics.exe	83
PID 3252 wrote to memory of 2960	3252	7f5344b18aa96ceca9ea538c1223b410_NeikiAnalytics.exe	83
PID 2960 wrote to memory of 2340	2960	cmd.exe	84
PID 2960 wrote to memory of 2340	2960	cmd.exe	84
PID 2960 wrote to memory of 2340	2960	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\7f5344b18aa96ceca9ea538c1223b410_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7f5344b18aa96ceca9ea538c1223b410_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2340

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7b858b55a8c2a5b912fcf6a50a29d592

SHA1
40cb66f042968a1028383a833a062d4ac147f5bf

SHA256
74e1f1c144421fb0777947c4ad097dda9623c000ccf4146195832aae83575917

SHA512
ed41e3ac276a246e0c3ad8f80d1253800eb6428bff4e1c967ade0bde1ab991daa022843332078cb03e9a5c0dad4e22536126d849b65f263f92d9c0af0f178595

Download Submit
memory/2340-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3252-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download