4531e870a69d4a25f9a34d27e4220a5f3a9fbda56af52f99995c672974d1dec6

Analysis

max time kernel
137s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 16:27

Target

efc32cf29bf96b8541f1e2ceed136910_NeikiAnalytics.exe
Size

47KB
MD5

efc32cf29bf96b8541f1e2ceed136910
SHA1

9e78de556c6bfd93ecb9c675394ea98d3878c55e
SHA256

4531e870a69d4a25f9a34d27e4220a5f3a9fbda56af52f99995c672974d1dec6
SHA512

91e13e64b061e02db797e77a63cd027d085eba4a94df422a86465964c73a62c8a743b4d3913789c1cad156297aba3b9e62b1289b070d88a9b66caef0c3dc51a9
SSDEEP

768:ErzJKnNCzPFU7afR9g3/jbP+WbUk87ZDs0hXL/ZNbd3GOL:EsNkfRY/os0hXL/ZNbdT

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2340	rmass.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rmass.exe	efc32cf29bf96b8541f1e2ceed136910_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\rmass.exe	efc32cf29bf96b8541f1e2ceed136910_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\efc32cf29bf96b8541f1e2ceed136910_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\efc32cf29bf96b8541f1e2ceed136910_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
PID:1844
- C:\Windows\SysWOW64\rmass.exe
  "C:\Windows\SysWOW64\rmass.exe"
  2⤵
  - Executes dropped EXE
  PID:2340

C:\Windows\SysWOW64\rmass.exe

Filesize
44KB

MD5
53943caf98f1aff9af53a5d5c2ac00bd

SHA1
366c184a9487b98db92f2e41ece71396b7b1c7f1

SHA256
017b37aac8e7f9ce96c9dd37c55e760c5ad75d62bf962666eb98d4b20397dd58

SHA512
8167b1eb373a5f6165b6c6fc904691ce2cd2f542fbf7418bf28a6938f97d094381a0f693567d2d28b84f3cc79980a67e21163634fc7ac00b16d78a1b8806d8ba

Download Submit
memory/1844-3-0x00000000772D2000-0x00000000772D3000-memory.dmp

Filesize
4KB

Download
memory/1844-4-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download