c2b0b4908c71b7e23feb554e97a10c912b6d97d509ed3ec68d523c6f4c09482b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 23:42

Target

6080669fb27ee66ea850c06faed41a00_NeikiAnalytics.exe
Size

79KB
MD5

6080669fb27ee66ea850c06faed41a00
SHA1

d31528dab3ab26f76a32f9d68ebd5e83c3a40580
SHA256

c2b0b4908c71b7e23feb554e97a10c912b6d97d509ed3ec68d523c6f4c09482b
SHA512

bae9dca823ccab0348eb90551cdb16063c6a40a262a5511565eecff7d3af7d98474ad70ab9204e155e615fc282d84fb41e4ad32629785c2ae110f1748fd6a4b8
SSDEEP

1536:zvT7uOoAwg4YQn3COQA8AkqUhMb2nuy5wgIP0CSJ+5y3AB8GMGlZ5G:zv+OoT3GdqU7uy5w9WMyQN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4752	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 4312	688	6080669fb27ee66ea850c06faed41a00_NeikiAnalytics.exe	84
PID 688 wrote to memory of 4312	688	6080669fb27ee66ea850c06faed41a00_NeikiAnalytics.exe	84
PID 688 wrote to memory of 4312	688	6080669fb27ee66ea850c06faed41a00_NeikiAnalytics.exe	84
PID 4312 wrote to memory of 4752	4312	cmd.exe	85
PID 4312 wrote to memory of 4752	4312	cmd.exe	85
PID 4312 wrote to memory of 4752	4312	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\6080669fb27ee66ea850c06faed41a00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6080669fb27ee66ea850c06faed41a00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4312
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4752

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e8f3b000e1e7d5167c72775f54e9dcc7

SHA1
dd7c2a6f4e3e0b806e398ca710a46c9c262ddb8e

SHA256
da404b4a7344b3f68dc7a24d42c45355437a5724ea77a700096c7523519a20ee

SHA512
1dfb8664b328504cb395a01e9cd4e264ab7cb4d268c4eb0c8613899a70d9e8edd274388211396a9353d51c954354a4feaf0fbe4d6606c8bdf76131943f94a0ce

Download Submit
memory/688-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4752-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download