dd9b664bb5fd1b2bf630da8fd682b2aa235dbc049177cf600e5e6eee3dca6b42

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 15:45

Target

4a7943d29f738183d3c9c691d1a9b880_NeikiAnalytics.exe
Size

79KB
MD5

4a7943d29f738183d3c9c691d1a9b880
SHA1

2ec3e787971931070bf5c588ac03ba5c19a5f4ac
SHA256

dd9b664bb5fd1b2bf630da8fd682b2aa235dbc049177cf600e5e6eee3dca6b42
SHA512

960e64623b914f27430e7c6347358165378ffdd23cb9fd5ef7deedd475e2e3c0b46b50a099f7b6cb4c832a911cb080836f42aa0aad1797c77ddbf867781abbf8
SSDEEP

1536:zvQ+tAiNw4gC3XOQA8AkqUhMb2nuy5wgIP0CSJ+5yyjB8GMGlZ5G:zvQ+9y4gC3eGdqU7uy5w9WMyyjN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2364	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 408 wrote to memory of 2024	408	4a7943d29f738183d3c9c691d1a9b880_NeikiAnalytics.exe	84
PID 408 wrote to memory of 2024	408	4a7943d29f738183d3c9c691d1a9b880_NeikiAnalytics.exe	84
PID 408 wrote to memory of 2024	408	4a7943d29f738183d3c9c691d1a9b880_NeikiAnalytics.exe	84
PID 2024 wrote to memory of 2364	2024	cmd.exe	85
PID 2024 wrote to memory of 2364	2024	cmd.exe	85
PID 2024 wrote to memory of 2364	2024	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\4a7943d29f738183d3c9c691d1a9b880_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a7943d29f738183d3c9c691d1a9b880_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2364

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c84289d5af328e0a68454935bcda4ed8

SHA1
04855d7fa3fa67be6feb85448d73e48ef3c39b24

SHA256
e578bd0cfa5123f3072dda5c9dc622ade9f8bfb6871b50caa0ced986822732ef

SHA512
5a5af6a037541c8c6e586efb53c22c12107fc163d1b039c3512ba6c397b61156a0255acbcc86d0aab0dd6d869da49af2989f6332a52b41b3ef8b5d8d14226716

Download Submit
memory/408-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2364-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download