a60fc63d07c75e5bbf936519f01f59306fd22174a9f3a79dc5a9cbb111de7744

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:41

Target

42b5c7d853ad2bebeb89917c0f2d0240_NeikiAnalytics.exe
Size

59KB
MD5

42b5c7d853ad2bebeb89917c0f2d0240
SHA1

3944d48434a8d2cf892f642eb4b8b301e3bfae25
SHA256

a60fc63d07c75e5bbf936519f01f59306fd22174a9f3a79dc5a9cbb111de7744
SHA512

8255fb29df27bcb4e0530be2e8c84ddcb39efa7558e8bb8be9101c630ac648dff026a24d28f54a9509333e620e008972b1acbb8af202099c66841c5246149d88
SSDEEP

768:BCbu/fSUw/d6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRfLTWLReOORuk:RKAzy48untU8fOMEI3jyYfPDEORuk

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

42b5c7d853ad2bebeb89917c0f2d0240_NeikiAnalytics.execmd.exeiexpress.exe

description	pid	process	target process
PID 1556 wrote to memory of 1892	1556	42b5c7d853ad2bebeb89917c0f2d0240_NeikiAnalytics.exe	cmd.exe
PID 1556 wrote to memory of 1892	1556	42b5c7d853ad2bebeb89917c0f2d0240_NeikiAnalytics.exe	cmd.exe
PID 1556 wrote to memory of 1892	1556	42b5c7d853ad2bebeb89917c0f2d0240_NeikiAnalytics.exe	cmd.exe
PID 1892 wrote to memory of 752	1892	cmd.exe	iexpress.exe
PID 1892 wrote to memory of 752	1892	cmd.exe	iexpress.exe
PID 1892 wrote to memory of 752	1892	cmd.exe	iexpress.exe
PID 752 wrote to memory of 2632	752	iexpress.exe	makecab.exe
PID 752 wrote to memory of 2632	752	iexpress.exe	makecab.exe
PID 752 wrote to memory of 2632	752	iexpress.exe	makecab.exe

C:\Users\Admin\AppData\Local\Temp\42b5c7d853ad2bebeb89917c0f2d0240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\42b5c7d853ad2bebeb89917c0f2d0240_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1556

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4C7A.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\42b5c7d853ad2bebeb89917c0f2d0240_NeikiAnalytics.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:1892

C:\Windows\SysWOW64\iexpress.exe
iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
3⤵
- Suspicious use of WriteProcessMemory
PID:752

C:\Windows\SysWOW64\makecab.exe
C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
4⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\4C7A.tmp\1.bat

Filesize
1KB

MD5
02dba5f37067292355c6d01a57d4ef48

SHA1
7c67ab3f99fbf7a53018dd295d2968c525db83d9

SHA256
8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

SHA512
12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\popup.sed

Filesize
59KB

MD5
55a2bc105cab41b3d82ef645e849451e

SHA1
2b2d8614ea2044d67d82fa74046966146348df4b

SHA256
5735167b6a9175ef4fd41b30712f47a4cf5c18a9dea196ffc2fa78bfc25b3f99

SHA512
fc6653ef1fb3a0ec347cfd821d5cc21b9f296dadba82829d2c0ed3ddd98d0439d1e9e8aabbdfd8cf2dc8eed484b81d4b4befb402b0282f82d2a2932e9e8b9116

Download Submit
C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

Filesize
724B

MD5
c3ca008abd6997c4b036a7e8be75cb2c

SHA1
05f7a3527bb04c691b08f040f562582035398829

SHA256
29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

SHA512
bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083

Download Submit
memory/1556-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1556-12-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download