cd2547a2fb545db7bbe87e9f4a83b0f6c7b1323b7bf4bc5e4492d7b29e163f52

Analysis

max time kernel
136s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 20:18

Target

2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe
Size

79KB
MD5

2f54ab9e9de1db21870f9864206fda40
SHA1

172986bd755f2658c564ad7ee8a517947d3b017c
SHA256

cd2547a2fb545db7bbe87e9f4a83b0f6c7b1323b7bf4bc5e4492d7b29e163f52
SHA512

b3a7855495c6bf87370e559a3dcc0dc03b847ccf7dc95a848c8a8e889f0a066caae3ec1813cb05d5293f87990c966c21ec46e614aa3bc78926e70699d4823830
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1420	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2156	2652	2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe	84
PID 2652 wrote to memory of 2156	2652	2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe	84
PID 2652 wrote to memory of 2156	2652	2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe	84
PID 2156 wrote to memory of 1420	2156	cmd.exe	85
PID 2156 wrote to memory of 1420	2156	cmd.exe	85
PID 2156 wrote to memory of 1420	2156	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1420

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bf42ef573c43a5657b7c43d08e343cd0

SHA1
40f1458a30e2356a4e27a3ad5ebd7c83ba10e5f2

SHA256
e2f3ff5844af0474228a6d8f94147952ad96f25e88065068ce8a71ddd196f3c5

SHA512
76d0726495f0777ae0a924efd4a7881c415814f82860d4f28e6c8f9d9203a3332bd0b811b072335f49eeea61be9c5995c7ff0900087c2f7017fc2575651849a5

Download Submit
memory/1420-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2652-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download