0470807ca44a272746482ee116ff7c321b2eb6dd6d5e6881c4167f776350dbf1

Analysis

max time kernel
133s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:23

Target

0470807ca44a272746482ee116ff7c321b2eb6dd6d5e6881c4167f776350dbf1_NeikiAnalytics.exe
Size

79KB
MD5

2b82e4a2e7a88df0b367480f011f1830
SHA1

6ee0c3bdf97574f563d40de468a029a917fc640a
SHA256

0470807ca44a272746482ee116ff7c321b2eb6dd6d5e6881c4167f776350dbf1
SHA512

812c7e668a745d9ac5f06f0e69e02635aaf5c4b21cc3a25db3e3cb82936680718aced2cc9e289742d23ed371f25eeb4ce938b63c447d34fe8ddf4db7d26d1120
SSDEEP

1536:zvEzb99PNHUFOQA8AkqUhMb2nuy5wgIP0CSJ+5yyB8GMGlZ5G:zvEPPNHUcGdqU7uy5w9WMyyN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4828	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 1516	3824	0470807ca44a272746482ee116ff7c321b2eb6dd6d5e6881c4167f776350dbf1_NeikiAnalytics.exe	83
PID 3824 wrote to memory of 1516	3824	0470807ca44a272746482ee116ff7c321b2eb6dd6d5e6881c4167f776350dbf1_NeikiAnalytics.exe	83
PID 3824 wrote to memory of 1516	3824	0470807ca44a272746482ee116ff7c321b2eb6dd6d5e6881c4167f776350dbf1_NeikiAnalytics.exe	83
PID 1516 wrote to memory of 4828	1516	cmd.exe	84
PID 1516 wrote to memory of 4828	1516	cmd.exe	84
PID 1516 wrote to memory of 4828	1516	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\0470807ca44a272746482ee116ff7c321b2eb6dd6d5e6881c4167f776350dbf1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0470807ca44a272746482ee116ff7c321b2eb6dd6d5e6881c4167f776350dbf1_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4828

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a39083d6cb50b63e9d42756e5e66e83d

SHA1
a9adb6217ecbd6ba2a281b78b939f8c6e3f8cbe8

SHA256
e3c632769c236be0f465ce27613d60694c91fcd471675838ad813101fdff814a

SHA512
d5ffed53ffdc8e17cb294bf6f09c5e389125758db67c48da0bbf3b0431268cd1ffb6e0c342579889247614aae92358c9d632ebe52afbac7dd4760a02e7d6c161

Download Submit
memory/3824-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4828-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download