1364782ac16323fc2caf358958275c375e79c8618733e7a6520597735df5d438

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:47

Target

1364782ac16323fc2caf358958275c375e79c8618733e7a6520597735df5d438_NeikiAnalytics.exe
Size

79KB
MD5

186c59039ac143ba953bbf566e21d750
SHA1

4b40f3c52676159084e2761b593e54835ae03c9e
SHA256

1364782ac16323fc2caf358958275c375e79c8618733e7a6520597735df5d438
SHA512

043f396f347ed45e2dd7367428f865a6c35dc98b08fafafe48f66d0a7519aee15b96c304e6c5f4d4b54d4587a8f081e89765d3759abcc9b7254e4b236979a030
SSDEEP

1536:zvlIj2RxFr51zXOQA8AkqUhMb2nuy5wgIP0CSJ+5yLB8GMGlZ5G:zvqjWFr+GdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3596	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 2724	208	1364782ac16323fc2caf358958275c375e79c8618733e7a6520597735df5d438_NeikiAnalytics.exe	84
PID 208 wrote to memory of 2724	208	1364782ac16323fc2caf358958275c375e79c8618733e7a6520597735df5d438_NeikiAnalytics.exe	84
PID 208 wrote to memory of 2724	208	1364782ac16323fc2caf358958275c375e79c8618733e7a6520597735df5d438_NeikiAnalytics.exe	84
PID 2724 wrote to memory of 3596	2724	cmd.exe	85
PID 2724 wrote to memory of 3596	2724	cmd.exe	85
PID 2724 wrote to memory of 3596	2724	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\1364782ac16323fc2caf358958275c375e79c8618733e7a6520597735df5d438_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1364782ac16323fc2caf358958275c375e79c8618733e7a6520597735df5d438_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3596

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ed19e321207923640d178b7e4090b012

SHA1
879ef232e1a8e167b11513c74a5a158cd141eddc

SHA256
ae22c418813962c223c3d5b453f3b0ef6140912b9d4fb412f13c38930f21836f

SHA512
61977ed1e2427a673c830d4f239d2ff815258a2b344fd010c4c0712bf1d04adac9c694e25c42fc37bf1880afc3b4bbeed18495b99490a11503567d1eeaf8ed78

Download Submit
memory/208-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3596-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download