81b59c92fe876fc1363ec344e724a4e4e360509ce68baed64e5bc946077a897d

Analysis

max time kernel
143s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 07:49

Target

d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe
Size

73KB
MD5

d3fd6844dd8f1105559e6e01980a27e0
SHA1

34103f02ab37bed0a8135cb1178069e905b161c3
SHA256

81b59c92fe876fc1363ec344e724a4e4e360509ce68baed64e5bc946077a897d
SHA512

d26e0bed403927fd7d7bb4508e84170c4a3b9cd5d34931e6b14f5659a29b4423f68aa5f2c408e460dc971a7f3bcab0d20a9cba2de8c62d0e6f1d7d21c267c3d2
SSDEEP

1536:hb3MNVP/sgA2JK5QPqfhVWbdsmA+RjPFLC+e5h+0ZGUGf2g:h+JkkNPqfcxA+HFsh+Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3688	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 3420	2064	d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe	83
PID 2064 wrote to memory of 3420	2064	d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe	83
PID 2064 wrote to memory of 3420	2064	d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe	83
PID 3420 wrote to memory of 3688	3420	cmd.exe	84
PID 3420 wrote to memory of 3688	3420	cmd.exe	84
PID 3420 wrote to memory of 3688	3420	cmd.exe	84
PID 3688 wrote to memory of 4300	3688	[email protected]	85
PID 3688 wrote to memory of 4300	3688	[email protected]	85
PID 3688 wrote to memory of 4300	3688	[email protected]	85

C:\Users\Admin\AppData\Local\Temp\d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3420
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3688
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4300

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
8d4d2472e3a63e07a1adfd8b7e65a32f

SHA1
abc00206672c98601e8bd8ad93cb163b60e1160b

SHA256
7b342e542582c18eef6da3ea31f79284f5d5c7c0148be0841e6b06ca21e38af7

SHA512
dc4b3bc86757fe23431793b097d6a7cd0a10fccd10f6c11e567a8446e2d804490787081945f140ee8b769f54a66d92d8737788c015ec31d799f076ecf59c0f99

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/2064-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3688-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download