081c02ef1125360518a124335772c11c8d2a68d4c792484ebfe964b87e4dabfb

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:29

Target

a6d7837afaa8837d6c09f63e868029c0_NeikiAnalytics.exe
Size

79KB
MD5

a6d7837afaa8837d6c09f63e868029c0
SHA1

d25755b379fc08c0f88f1cd9acf6f7b646a969c8
SHA256

081c02ef1125360518a124335772c11c8d2a68d4c792484ebfe964b87e4dabfb
SHA512

1cac4b2ddc3c97d47751d6b48413b2d4554c5f11e7b320fc0224bd2c38e08b2d94d897b7a36dbc61c93b9b6befdc7da7914cf97bf112a7903ecc10faaceb9360
SSDEEP

1536:zvjIGSEX0E9jPOQA8AkqUhMb2nuy5wgIP0CSJ+5yVB8GMGlZ5G:zvjSFsmGdqU7uy5w9WMyVN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

1436 [email protected]

pid	process
1436	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a6d7837afaa8837d6c09f63e868029c0_NeikiAnalytics.execmd.exe

description	pid	process	target process
PID 456 wrote to memory of 4636	456	a6d7837afaa8837d6c09f63e868029c0_NeikiAnalytics.exe	cmd.exe
PID 456 wrote to memory of 4636	456	a6d7837afaa8837d6c09f63e868029c0_NeikiAnalytics.exe	cmd.exe
PID 456 wrote to memory of 4636	456	a6d7837afaa8837d6c09f63e868029c0_NeikiAnalytics.exe	cmd.exe
PID 4636 wrote to memory of 1436	4636	cmd.exe	[email protected]
PID 4636 wrote to memory of 1436	4636	cmd.exe	[email protected]
PID 4636 wrote to memory of 1436	4636	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\a6d7837afaa8837d6c09f63e868029c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a6d7837afaa8837d6c09f63e868029c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:456

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
2⤵
- Suspicious use of WriteProcessMemory
PID:4636

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:1436

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f2fda74d5fd49e26f0dc5eec92e4c47c

SHA1
9e2cfa3250fe7c64429901d1133a24fa30d95faf

SHA256
fd0841a720c72b388dfe4bcca71351573072071837095760b42d42c3e4661095

SHA512
ab4f0a75ca07d0d01d03f7a7729e6adfe05638251d70f5d280ab54a233ac3e8f3e38d54d7d2b8627fdf3c705831b2ecd93a54ad3742996aac2531ba05f57047c

Download Submit
memory/456-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1436-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download