20ba5263cd34a015a7ed26d497c4a3c99de70e310465552fa517fb8d4846c5a0

Analysis

max time kernel
140s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 15:19

Target

d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe
Size

79KB
MD5

d4ddd6f451486c0e98d63b958a38fdd0
SHA1

2c69b560f4fddc2721ddd361d0e171ee8e29bd8d
SHA256

20ba5263cd34a015a7ed26d497c4a3c99de70e310465552fa517fb8d4846c5a0
SHA512

6ab27d54220b0aad7d41bd7aa33ad18e64357c5089b9df5fa325fe62d8870a75bcb455adbedb2cbdcb6f9ed6545c8d5e1be868c6aed49947ef7a15d61c185f89
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
752	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 4568	4964	d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe	84
PID 4964 wrote to memory of 4568	4964	d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe	84
PID 4964 wrote to memory of 4568	4964	d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe	84
PID 4568 wrote to memory of 752	4568	cmd.exe	85
PID 4568 wrote to memory of 752	4568	cmd.exe	85
PID 4568 wrote to memory of 752	4568	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4568
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:752

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
493671a09888c1bc6b375af55f15a626

SHA1
da47f6183a3bae7eb98ace236bb10ae2225d793a

SHA256
3941ae87474e6d800051411beabce0ec01cac584080342da39c1898ed9d5ab11

SHA512
80da9564fea2b812d5fe31d5885aff8ba6d0764d50c443e1db7753d857e4ce112656c1e8384d281f7a57c7b1829ce1d53132f31d67a6c18426dcce29d0809a20

Download Submit
memory/752-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4964-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download