69d228fb6f71a0fcd642e962fc48d846a86b3f0b295fe8f6ab6fc350629f80d8

Analysis

max time kernel
134s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 09:24

Target

a6e86dadc9890c4bca9df40d78fdecc0_NeikiAnalytics.exe
Size

79KB
MD5

a6e86dadc9890c4bca9df40d78fdecc0
SHA1

f127ea06718d6f13c8160899f3ef40da99ecca75
SHA256

69d228fb6f71a0fcd642e962fc48d846a86b3f0b295fe8f6ab6fc350629f80d8
SHA512

d483d5c8f33eb7e47eb3cd9ea3080a79bcdd8b4bded53677bcce280efd48096e8e0909d5a76b5791a98c01751812942cd1dc747e1ba689feeac6e13f8d753f00
SSDEEP

1536:zvG9N9jV7sPVknOQA8AkqUhMb2nuy5wgIP0CSJ+5y9B8GMGlZ5G:zv8N9jtsP/GdqU7uy5w9WMy9N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1248	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2292	2684	a6e86dadc9890c4bca9df40d78fdecc0_NeikiAnalytics.exe	84
PID 2684 wrote to memory of 2292	2684	a6e86dadc9890c4bca9df40d78fdecc0_NeikiAnalytics.exe	84
PID 2684 wrote to memory of 2292	2684	a6e86dadc9890c4bca9df40d78fdecc0_NeikiAnalytics.exe	84
PID 2292 wrote to memory of 1248	2292	cmd.exe	85
PID 2292 wrote to memory of 1248	2292	cmd.exe	85
PID 2292 wrote to memory of 1248	2292	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\a6e86dadc9890c4bca9df40d78fdecc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a6e86dadc9890c4bca9df40d78fdecc0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1248

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
b66abc28b3a6c37495618994bd0ad967

SHA1
7f45db30f5e991cef6bc87328ad824e2bbfe2af9

SHA256
c49da5d67381f453fae61ceb336cb6b444a302cf1ff56fffeaba7c72c0bef052

SHA512
b6572873b379613d83752435d4dd9cb949de8dcee37fbf07f7dca46f7c080ba91153b8175f5c8212453bd4d4547c4b09c4dcb3c6fa3f30c25e9df451876425dd

Download Submit
memory/1248-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2684-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download