1f1596a0b9760af6bc2f87bf0b3757ed5a2da7be584d901bd57b77e40158ff10

Analysis

max time kernel
134s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 04:25

Target

abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe
Size

79KB
MD5

abe2c1946ab28ff1f776dda732274600
SHA1

0f63faa805c921c207f6169186835843123713cd
SHA256

1f1596a0b9760af6bc2f87bf0b3757ed5a2da7be584d901bd57b77e40158ff10
SHA512

13583025d2565c407a8cc6e5d7ac704be0c7f94639e0acd6cfd152356ded5408a75733ddfa83d954c9edbee41bbeb961590f76b7cb17b489087b948c567a1ed2
SSDEEP

1536:zvsbwww3DBuynr47rQk2GOQA8AkqUhMb2nuy5wgIP0CSJ+5y8BB8GMGlZ5G:zvsKDdrwJ8GdqU7uy5w9WMy8BN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1916	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1184	2352	abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe	83
PID 2352 wrote to memory of 1184	2352	abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe	83
PID 2352 wrote to memory of 1184	2352	abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe	83
PID 1184 wrote to memory of 1916	1184	cmd.exe	84
PID 1184 wrote to memory of 1916	1184	cmd.exe	84
PID 1184 wrote to memory of 1916	1184	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1184
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1916

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f793679df42f0d20f182e2161be9d8d1

SHA1
d4b8824d9ff86ad584d7208ac5381920f5fa2ce6

SHA256
f96aadfd37c39a8002fe4a859254cb5220bc61e53e722a74c1044bd009128656

SHA512
c1158bf8cedb5bf3f2d15c067f863dfe9a5ae27ae94cdaa04e3ea3888b65c8a2392ab4ded3173eb95a83beed849dfad0d9bafc3da72348382a80b08e1744802f

Download Submit
memory/1916-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2352-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download