3985e0e4e144e1fe13a5152c8e226b81db2bfceae5bed38f7c088c8304755ffd

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 03:47

Target

2fb0a878465e012ddcbf84c47fefbae0_NeikiAnalytics.exe
Size

79KB
MD5

2fb0a878465e012ddcbf84c47fefbae0
SHA1

2a0fd04ba98f4e021f4f22b3e393d0ea2ced6a0e
SHA256

3985e0e4e144e1fe13a5152c8e226b81db2bfceae5bed38f7c088c8304755ffd
SHA512

b42795d1695b896fc24fc54e01969e1dd4fa8628c5518f9f46843df5f1c54ad20526f0a2495c3d604f2859e22c651bd45681f2e2587591b11b6cb88a3d2cfc7c
SSDEEP

1536:zvWqMuH9dwOQA8AkqUhMb2nuy5wgIP0CSJ+5yxB8GMGlZ5G:zvWqMutGdqU7uy5w9WMyxN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3488	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 3144	4020	2fb0a878465e012ddcbf84c47fefbae0_NeikiAnalytics.exe	83
PID 4020 wrote to memory of 3144	4020	2fb0a878465e012ddcbf84c47fefbae0_NeikiAnalytics.exe	83
PID 4020 wrote to memory of 3144	4020	2fb0a878465e012ddcbf84c47fefbae0_NeikiAnalytics.exe	83
PID 3144 wrote to memory of 3488	3144	cmd.exe	84
PID 3144 wrote to memory of 3488	3144	cmd.exe	84
PID 3144 wrote to memory of 3488	3144	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\2fb0a878465e012ddcbf84c47fefbae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2fb0a878465e012ddcbf84c47fefbae0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3144
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3488

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7ae3ca44785bfedac17c522b890e0589

SHA1
9b4b210c541c2de2c047db26392eb2f34cb91fe8

SHA256
9f3b3ddf2e55ec280983ee682bd2fe556f9526adc73e0b0f8c73e4816f92161d

SHA512
c100cf19660dca5b34bb51eb67b55ec936c3454ff5658272132d3f24d21665500afab875f42e046f5670e313fab0d91a5b5feb509d0645d70e5d9587f807b6a7

Download Submit
memory/3488-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4020-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download