36904ecf24d843073b44ed123bb83b81bc2b6dbe0f00be428c39045033acd352

Analysis

max time kernel
139s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:18

Target

789bab062d67f3b970a119bfc6bf30f0_NeikiAnalytics.exe
Size

79KB
MD5

789bab062d67f3b970a119bfc6bf30f0
SHA1

3a17194f20bfab1e0455247f6c2c810afb997b46
SHA256

36904ecf24d843073b44ed123bb83b81bc2b6dbe0f00be428c39045033acd352
SHA512

e3867c2bdb0ab4eaa543e46cfd70599bf1c44372381f345796c4cd283e8ccd046351e34a7ff46af21c52e21d50e3fd41045b09e79ed99b6ccb89c5a6d670ca39
SSDEEP

1536:zvsI22EnTNfCinyHGmVJIU5OQA8AkqUhMb2nuy5wgIP0CSJ+5yYWB8GMGlZ5G:zvj22KqtVJ7YGdqU7uy5w9WMyXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1916	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 944	3684	789bab062d67f3b970a119bfc6bf30f0_NeikiAnalytics.exe	83
PID 3684 wrote to memory of 944	3684	789bab062d67f3b970a119bfc6bf30f0_NeikiAnalytics.exe	83
PID 3684 wrote to memory of 944	3684	789bab062d67f3b970a119bfc6bf30f0_NeikiAnalytics.exe	83
PID 944 wrote to memory of 1916	944	cmd.exe	84
PID 944 wrote to memory of 1916	944	cmd.exe	84
PID 944 wrote to memory of 1916	944	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\789bab062d67f3b970a119bfc6bf30f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\789bab062d67f3b970a119bfc6bf30f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:944
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1916

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
84888fa4360ad520d5898d3b4fc86cbd

SHA1
73998708a1f658f164e304c590e5c550eaf93f7a

SHA256
fd3be11850dad579d1318013f2060e5ef9f90a0253deb9a1ca3c1752841e4925

SHA512
da0d917e61de4b89b309ddc78aee44834b259242738736def553513869be1f021d4150995a9290d4701f0d92ec12c9ba69ea34dbb73f9c862749093c93b42807

Download Submit
memory/1916-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3684-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download