f919580d42310fcb2a53203c6e96466329172f4b6cb70f6226f1df39d7761070

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 10:40

Target

6972f23886f8934a0decc6096cbefe60_NeikiAnalytics.exe
Size

79KB
MD5

6972f23886f8934a0decc6096cbefe60
SHA1

3c9e56f0712ca1dff512e6148003768f00ca0977
SHA256

f919580d42310fcb2a53203c6e96466329172f4b6cb70f6226f1df39d7761070
SHA512

16ee737b626f164fda8eb5c823975d7bcd2cc587997e94036b24d3f113544a54cbb1e757f1e90fa989637a84646bbe17de22a1f73914a369e24be7d6adc60f95
SSDEEP

1536:zvI+hUIvhCXa+buOQA8AkqUhMb2nuy5wgIP0CSJ+5ypB8GMGlZ5G:zvIMUV77GdqU7uy5w9WMypN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3068	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 3520	208	6972f23886f8934a0decc6096cbefe60_NeikiAnalytics.exe	84
PID 208 wrote to memory of 3520	208	6972f23886f8934a0decc6096cbefe60_NeikiAnalytics.exe	84
PID 208 wrote to memory of 3520	208	6972f23886f8934a0decc6096cbefe60_NeikiAnalytics.exe	84
PID 3520 wrote to memory of 3068	3520	cmd.exe	85
PID 3520 wrote to memory of 3068	3520	cmd.exe	85
PID 3520 wrote to memory of 3068	3520	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\6972f23886f8934a0decc6096cbefe60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6972f23886f8934a0decc6096cbefe60_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3520
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3068

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d1c42ca78aa694d916a67d85f7060472

SHA1
7fc5e435406e2a9e40ff11d389968240bf878ba2

SHA256
04a5d874710161d7a6acab9ceeb2945a13c01b0fbabfc27ebebc3294dd4e52bc

SHA512
d26e065844a71968f339569ec115eb16bf4893cf82e9985856f7159f4cc19df94ff867290880fb7b77ea6fbf3504a1c1efd0fbb275725fcd01222907c8a20c99

Download Submit
memory/208-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3068-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download