1256d73b1e722edbad81838ddfc3eead287c76c32909953283da820b48ac9349

Analysis

max time kernel
138s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 23:09

Target

57109917e43859dbaddf1ca273e8b490_NeikiAnalytics.exe
Size

79KB
MD5

57109917e43859dbaddf1ca273e8b490
SHA1

1be5b32a5d49482b253a6100a879ef2c24a9a600
SHA256

1256d73b1e722edbad81838ddfc3eead287c76c32909953283da820b48ac9349
SHA512

ee2dad01006af55d493b14f4ccd0185bc38e4232dae49aa04c208a8b66e6fb5542ea83a3f9458e25760621bfe7c649f157ab0e924784458acab9dc62d7049c69
SSDEEP

1536:zv8W23+5FoeWJOQA8AkqUhMb2nuy5wgIP0CSJ+5y1B8GMGlZ5G:zvHM+voeWIGdqU7uy5w9WMy1N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3228	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 1128	4820	57109917e43859dbaddf1ca273e8b490_NeikiAnalytics.exe	84
PID 4820 wrote to memory of 1128	4820	57109917e43859dbaddf1ca273e8b490_NeikiAnalytics.exe	84
PID 4820 wrote to memory of 1128	4820	57109917e43859dbaddf1ca273e8b490_NeikiAnalytics.exe	84
PID 1128 wrote to memory of 3228	1128	cmd.exe	85
PID 1128 wrote to memory of 3228	1128	cmd.exe	85
PID 1128 wrote to memory of 3228	1128	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\57109917e43859dbaddf1ca273e8b490_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\57109917e43859dbaddf1ca273e8b490_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1128
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3228

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4b2678f7673873b62d5a9d09a34774b2

SHA1
dc987e2b7bd639b70cde5fe1d9d6b229c23a08ce

SHA256
a74f7b2b86c1d422edae4ae5ba42c034ccf6a9a71ed89c1f80295cd7e8c1aebe

SHA512
7b6b449d106d18cd0925ca6a193949ccbe56dfaf93b4a489cf356ca4ffeb5480f3d5f856744b064807b357836896895a6e9237b15a665233b74d483155e38e6f

Download Submit
memory/3228-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4820-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download