19055d3d7eb3c415651e9abb4639480bb379298e47be5544cbdedaacaa8727f7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 10:04

Target

e3aace568c0aac8382109f03ea494000_NeikiAnalytics.exe
Size

65KB
MD5

e3aace568c0aac8382109f03ea494000
SHA1

f7f45b7d92503a1657b7d84cc7315345bed58d08
SHA256

19055d3d7eb3c415651e9abb4639480bb379298e47be5544cbdedaacaa8727f7
SHA512

cce0541655cfbf1335e7ad8cc87a835847c0881c788d128b54c356c578ffc440de339c4488be9f23fc1156a9b6c77d7c454bdefa875e175631c2f4710974f21f
SSDEEP

768:tCru/f9Uw/E6zy4n8uZ5tUXMJ+fROUmELY2glTbM3j+rd+fpRuO4TW7ReOOc:dRTzy48untU8fOMTI3jyYfPT4wOc

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 2300	4548	e3aace568c0aac8382109f03ea494000_NeikiAnalytics.exe	83
PID 4548 wrote to memory of 2300	4548	e3aace568c0aac8382109f03ea494000_NeikiAnalytics.exe	83
PID 4548 wrote to memory of 2300	4548	e3aace568c0aac8382109f03ea494000_NeikiAnalytics.exe	83
PID 2300 wrote to memory of 5104	2300	cmd.exe	84
PID 2300 wrote to memory of 5104	2300	cmd.exe	84
PID 2300 wrote to memory of 5104	2300	cmd.exe	84
PID 5104 wrote to memory of 4580	5104	iexpress.exe	85
PID 5104 wrote to memory of 4580	5104	iexpress.exe	85
PID 5104 wrote to memory of 4580	5104	iexpress.exe	85

C:\Users\Admin\AppData\Local\Temp\e3aace568c0aac8382109f03ea494000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e3aace568c0aac8382109f03ea494000_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\36A0.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\e3aace568c0aac8382109f03ea494000_NeikiAnalytics.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Windows\SysWOW64\iexpress.exe
    iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5104
  - - C:\Windows\SysWOW64\makecab.exe
      C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
      4⤵
      PID:4580

C:\Users\Admin\AppData\Local\Temp\36A0.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
65KB

MD5
28dd0674ec9c0b62a66a4de45f5296a1

SHA1
dc849825f3224c6c64897dd8d8179cbb84db24b5

SHA256
678338d0942e40cb03ed00386761b5bea6c0d6024ce105623d9b059f5b564c82

SHA512
9f2cfae302b94419e3d6c2cd2aae250ba546e558667c938a4160792e6052e6e4c7480b11653914d671d787d204aba2d08041a07e4e6fcf43fe84535037216ca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit
memory/4548-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/4548-12-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download