fd43e6b4d6b17743da4fb55572b13a7ca011c9dfc736097f9d9cbd1febee46c4

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 07:32

Target

9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe
Size

79KB
MD5

9a1db606274005f079f2db41cfdf3f20
SHA1

a3da8c961836d15da1472d0de03f7baebf6ce588
SHA256

fd43e6b4d6b17743da4fb55572b13a7ca011c9dfc736097f9d9cbd1febee46c4
SHA512

82bfebf87027ca4cc78088530c6e243b5e7995ca929809660641198ddd8a3fb426d41faee0a26dd23a4615e99b3a6d9971595219f38b0afdbd5ef17b8e4d6cb4
SSDEEP

1536:zvjRRbIyAsOQA8AkqUhMb2nuy5wgIP0CSJ+5yMB8GMGlZ5G:zvlNIyAZGdqU7uy5w9WMyMN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
748	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 3940	2296	9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe	84
PID 2296 wrote to memory of 3940	2296	9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe	84
PID 2296 wrote to memory of 3940	2296	9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe	84
PID 3940 wrote to memory of 748	3940	cmd.exe	85
PID 3940 wrote to memory of 748	3940	cmd.exe	85
PID 3940 wrote to memory of 748	3940	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3940
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:748

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
b13d4647f77a0711ad21c0e645189de9

SHA1
01f32c2814085e02c9b840a74ef31f0a757e9239

SHA256
622f9b967ef458a865650c487ecb3568fe6f854773401487b51b62a825a7ed47

SHA512
19d035d308bc5907a87b2237ad435767e6eeee22a402a19fb2bd15ad1829d8239c05d4c37bea2ce265841bae75e90854ff30a605dea5e1175ac461c44ed37c36

Download Submit
memory/748-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2296-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download