326c3d901ac170fc28ca9aefde380863aa239d46185d69f3b3876302bbbd90bd

Analysis

max time kernel
138s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 10:05

Target

326c3d901ac170fc28ca9aefde380863aa239d46185d69f3b3876302bbbd90bd_NeikiAnalytics.exe
Size

79KB
MD5

e542d4eda9a0b0dca65f10c43ab800d0
SHA1

fa63d173a931f19337289a365f53a5ce4ee298b5
SHA256

326c3d901ac170fc28ca9aefde380863aa239d46185d69f3b3876302bbbd90bd
SHA512

ab3528d8d2119e8d0def09f299d40900f7990c4d4888ab83b81e50720c68ba04e4bf7d193eeaa2f2f42b2c7ce6e850ec441d233cbdfcbabdc7e6916462afa8dd
SSDEEP

1536:zvtCL7dPmK9gv/OQA8AkqUhMb2nuy5wgIP0CSJ+5yhB8GMGlZ5G:zvt+uKa2GdqU7uy5w9WMyhN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2892	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 3020	3572	326c3d901ac170fc28ca9aefde380863aa239d46185d69f3b3876302bbbd90bd_NeikiAnalytics.exe	84
PID 3572 wrote to memory of 3020	3572	326c3d901ac170fc28ca9aefde380863aa239d46185d69f3b3876302bbbd90bd_NeikiAnalytics.exe	84
PID 3572 wrote to memory of 3020	3572	326c3d901ac170fc28ca9aefde380863aa239d46185d69f3b3876302bbbd90bd_NeikiAnalytics.exe	84
PID 3020 wrote to memory of 2892	3020	cmd.exe	85
PID 3020 wrote to memory of 2892	3020	cmd.exe	85
PID 3020 wrote to memory of 2892	3020	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\326c3d901ac170fc28ca9aefde380863aa239d46185d69f3b3876302bbbd90bd_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\326c3d901ac170fc28ca9aefde380863aa239d46185d69f3b3876302bbbd90bd_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2892

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1cf2fe4e472b05c2ee6dd650564b0640

SHA1
6de41b5ea473f552d49766bc5ad8afa7b34c1cc5

SHA256
e43166c4c1f45ce602b3e28e4cefb42926a061aee8e62a03648baa76a674e502

SHA512
b56014fa2a034a387e9280188a7a88e254a95de48c309298e3b5fd695dcd5bda57d27ca0f3b4ce5ec6bf584bf703f775195eb31c82c4f137a94446885d65f973

Download Submit
memory/2892-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3572-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download