fc60ae0e31c85245fcca9d336f9f5fda1fcf233659f1abfaf8166a980c0ee041

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 08:21

Target

db29dfb64768bee0476d49e5734a67e0_NeikiAnalytics.exe
Size

79KB
MD5

db29dfb64768bee0476d49e5734a67e0
SHA1

26e86e7092574b67cfb5941cb7f5abf596d5c8ed
SHA256

fc60ae0e31c85245fcca9d336f9f5fda1fcf233659f1abfaf8166a980c0ee041
SHA512

b84a23a9de8f20852c36427735df6692fdc6696ef753f0fc0c4b24a3a944a6fe9fadaf403fa2aaf9df487f2f8830df49a00f65f4c859182778fd503ab8b2a024
SSDEEP

1536:zvlmFTpp6tczOQA8AkqUhMb2nuy5wgIP0CSJ+5yGB8GMGlZ5G:zvlmVv6DGdqU7uy5w9WMyGN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2484	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 4840	4788	db29dfb64768bee0476d49e5734a67e0_NeikiAnalytics.exe	86
PID 4788 wrote to memory of 4840	4788	db29dfb64768bee0476d49e5734a67e0_NeikiAnalytics.exe	86
PID 4788 wrote to memory of 4840	4788	db29dfb64768bee0476d49e5734a67e0_NeikiAnalytics.exe	86
PID 4840 wrote to memory of 2484	4840	cmd.exe	87
PID 4840 wrote to memory of 2484	4840	cmd.exe	87
PID 4840 wrote to memory of 2484	4840	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\db29dfb64768bee0476d49e5734a67e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\db29dfb64768bee0476d49e5734a67e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4840
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2484

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
71797a0541570b6cb06fc54a73eed32f

SHA1
ee2d68a573d02b7bae06137c73b021f0617b6578

SHA256
bde52fb8481b415e3a79d82e064bdcf73293e324174b8c99ad9afadea843669c

SHA512
e24d853ccd896c0117bb909dfd83a775b0ca935cba1c9b4df2a2f65f98c9de472a8beaea8a2a8a66039236a7ffcdeb5c6198666b28397c7f28d5ce21bccf2984

Download Submit
memory/2484-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4788-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download