4b1dbefdeafcd680de63cc3c985b4cd131c1c3822e0a36297cd474a898dd749b

Analysis

max time kernel
130s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 08:40

Target

1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe
Size

79KB
MD5

1ff2d4579e2d7d85696b0108451c5de0
SHA1

e68a224eb6cd7de22839b17488b9a3b40d5d8933
SHA256

4b1dbefdeafcd680de63cc3c985b4cd131c1c3822e0a36297cd474a898dd749b
SHA512

21879b11c7e2824331feb57ae45bbc5dd868f13d9abe768e680abf39828392106bb49fa4bca0bd828277c668b781ecbbf01f9c781168185e42be9081e4cf51b6
SSDEEP

1536:zv3zJkiIfCOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zv9sGdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3212	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 5088	2004	1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe	84
PID 2004 wrote to memory of 5088	2004	1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe	84
PID 2004 wrote to memory of 5088	2004	1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe	84
PID 5088 wrote to memory of 3212	5088	cmd.exe	85
PID 5088 wrote to memory of 3212	5088	cmd.exe	85
PID 5088 wrote to memory of 3212	5088	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5088
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3212

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4587757611806328b2217365e25abe9b

SHA1
5ded21cfdc84fce15b33b1a6e917e327953a3c83

SHA256
76410946773f322ccab4b2e3a80383482160dd6290534ec7a22468d5a475e3f2

SHA512
6259aaad78752868138fdb047626f06c4440893275e997d3d2e6c04c230d0e06d2ae217dcac07b4a8c5d96933908e151e137a86e74271d7be7c1a5f558f5c5f7

Download Submit
memory/2004-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3212-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download