cb12436ecb802563480d6be5480ddd8807a84c9fa7180d4d2901183f69a4f409

Analysis

max time kernel
129s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 10:57

Target

fe730146fee99e2db092e75c4853c460_NeikiAnalytics.exe
Size

79KB
MD5

fe730146fee99e2db092e75c4853c460
SHA1

179ea71fd9051235ce609fbc689e398ec5f7e67f
SHA256

cb12436ecb802563480d6be5480ddd8807a84c9fa7180d4d2901183f69a4f409
SHA512

9e58448dc8fa3a06c99a41d5478f94022f793a2d8e6552df23d96c176cf871a6a7fff64d4c545ff09741bc0810280ab734ba548fd85f102f9bea21d4bcc5ec7d
SSDEEP

1536:zvgM2E1o/OQA8AkqUhMb2nuy5wgIP0CSJ+5ywB8GMGlZ5G:zvgMa2GdqU7uy5w9WMywN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1788	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 1104	3220	fe730146fee99e2db092e75c4853c460_NeikiAnalytics.exe	84
PID 3220 wrote to memory of 1104	3220	fe730146fee99e2db092e75c4853c460_NeikiAnalytics.exe	84
PID 3220 wrote to memory of 1104	3220	fe730146fee99e2db092e75c4853c460_NeikiAnalytics.exe	84
PID 1104 wrote to memory of 1788	1104	cmd.exe	85
PID 1104 wrote to memory of 1788	1104	cmd.exe	85
PID 1104 wrote to memory of 1788	1104	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\fe730146fee99e2db092e75c4853c460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\fe730146fee99e2db092e75c4853c460_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1104
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1788

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
27bfc2376a385f89fd3fa982ca427ebd

SHA1
063d0191064b788ca8fd9a777d3ea5e1b475b021

SHA256
caaa7b97274dde95aa7a6af46f4fcef31076abbdc284ff225e0f71c2447a78c8

SHA512
7f9ab20aaf8f85d5f38a855fbb9d7e60571cd155a9a3f8d40c7d549de4e36daab9fc8f64281142d2057fd9a9843387cf02fb19d1c2445f1d701a91efd4e73297

Download Submit
memory/1788-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3220-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download