0f4da02045b99c6aa7fd29c91ed3755d9b7982832b6996ee2862e5e9341aeb8d

Analysis

max time kernel
130s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 08:46

Target

303900de80dd5c90c9ee861e9a0d59b0_NeikiAnalytics.exe
Size

73KB
MD5

303900de80dd5c90c9ee861e9a0d59b0
SHA1

b728e36d7ed2e7e42e2ff3613614c88315bda499
SHA256

0f4da02045b99c6aa7fd29c91ed3755d9b7982832b6996ee2862e5e9341aeb8d
SHA512

f9cd091595a71e95e53eebd0eab750cff3d649005c3d4592f0dedc3515e4853991ca8c6774d148af6bda7515c6ab4627a3d0c3c280c9177f9fb5973b263b484a
SSDEEP

1536:hbpCUCU608K5QPqfhVWbdsmA+RjPFLC+e5hq0ZGUGf2g:hlCUCX08NPqfcxA+HFshqOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
752	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 64	1192	303900de80dd5c90c9ee861e9a0d59b0_NeikiAnalytics.exe	86
PID 1192 wrote to memory of 64	1192	303900de80dd5c90c9ee861e9a0d59b0_NeikiAnalytics.exe	86
PID 1192 wrote to memory of 64	1192	303900de80dd5c90c9ee861e9a0d59b0_NeikiAnalytics.exe	86
PID 64 wrote to memory of 752	64	cmd.exe	87
PID 64 wrote to memory of 752	64	cmd.exe	87
PID 64 wrote to memory of 752	64	cmd.exe	87
PID 752 wrote to memory of 2296	752	[email protected]	88
PID 752 wrote to memory of 2296	752	[email protected]	88
PID 752 wrote to memory of 2296	752	[email protected]	88

C:\Users\Admin\AppData\Local\Temp\303900de80dd5c90c9ee861e9a0d59b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\303900de80dd5c90c9ee861e9a0d59b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:64
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:752
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2296

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
1e7834524307136da9d25f2e2f7c273f

SHA1
51a05339a67e4047cb0ff423c7d3c5c5c2fff3d4

SHA256
1e74dd460c3af6b8584b3caadeada1f05da19baed08a793b0303fa9e2834e9ba

SHA512
cd95784bee2746a5ac205de37f7847c341c6d98b8e61aa373a0f4eaee6ff49bc5f5dcc318e9699dbf26194176fd68a23057ff384d74b263da58b3e741b3541c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/752-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1192-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download