9ca4eda56682a2689449818f54d1ca159cf2abe743af5946d9deff5804ac1c26

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 16:09

Target

e32ec3e2beb151747f5c5ae29f1e5620_NeikiAnalytics.exe
Size

79KB
MD5

e32ec3e2beb151747f5c5ae29f1e5620
SHA1

8b4a38bff2a7a6d38f807614baeb4fa9f5c27af4
SHA256

9ca4eda56682a2689449818f54d1ca159cf2abe743af5946d9deff5804ac1c26
SHA512

efbe8053da16b787657116e97004b8322fe4f85e9a840114aadf3639f4ffe55f0f06b6d2523dbdb1a300d9b795ee13c727f3fa039ea7ddea90554f83bdc38b0f
SSDEEP

1536:zvmkZZZb2LA41Wq6OQA8AkqUhMb2nuy5wgIP0CSJ+5yrB8GMGlZ5G:zvmq2LCCGdqU7uy5w9WMyrN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2348	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 1396	4800	e32ec3e2beb151747f5c5ae29f1e5620_NeikiAnalytics.exe	84
PID 4800 wrote to memory of 1396	4800	e32ec3e2beb151747f5c5ae29f1e5620_NeikiAnalytics.exe	84
PID 4800 wrote to memory of 1396	4800	e32ec3e2beb151747f5c5ae29f1e5620_NeikiAnalytics.exe	84
PID 1396 wrote to memory of 2348	1396	cmd.exe	85
PID 1396 wrote to memory of 2348	1396	cmd.exe	85
PID 1396 wrote to memory of 2348	1396	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\e32ec3e2beb151747f5c5ae29f1e5620_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e32ec3e2beb151747f5c5ae29f1e5620_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1396
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2348

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
917b7eff97d2288945c6ca6565857f44

SHA1
6e327d3e0c2329c7a39859db918d2c37c1f67230

SHA256
b29167aeadbc961612ba52899e84171d9c2e9f30ab862ddb3121a8d9a5c6c814

SHA512
38317bf67b95a39eeda42f0a7918290c8a9873563b5aa54f45a5393e314f2e4e37e0ca89a3e9cfa78d5e317e2f1c0f0bd689356c5b421c8b7e69e2f5c103ef89

Download Submit
memory/2348-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4800-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download