69ad180ee7c561a12ec4a1b587c013fd336609664e854e8cc7d701b800dab6fa

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 21:32

Target

cb8475133d741fb0d1c51f30eab890d0_NeikiAnalytics.exe
Size

73KB
MD5

cb8475133d741fb0d1c51f30eab890d0
SHA1

45686645bc0e2928688296d94d200687eaf088b7
SHA256

69ad180ee7c561a12ec4a1b587c013fd336609664e854e8cc7d701b800dab6fa
SHA512

9b3f3a8c933829c3540019a85f455b188c75afd046e9cc6dc34b2bcee5f73c9acddd996cd1b0785769bba27911d8924c3cddecadf03767c887f99ae4c8bd4a4b
SSDEEP

1536:hbokyO8MUh6K5QPqfhVWbdsmA+RjPFLC+e5hZ0ZGUGf2g:hcrO7Uh6NPqfcxA+HFshZOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4192	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 492	4768	cb8475133d741fb0d1c51f30eab890d0_NeikiAnalytics.exe	83
PID 4768 wrote to memory of 492	4768	cb8475133d741fb0d1c51f30eab890d0_NeikiAnalytics.exe	83
PID 4768 wrote to memory of 492	4768	cb8475133d741fb0d1c51f30eab890d0_NeikiAnalytics.exe	83
PID 492 wrote to memory of 4192	492	cmd.exe	84
PID 492 wrote to memory of 4192	492	cmd.exe	84
PID 492 wrote to memory of 4192	492	cmd.exe	84
PID 4192 wrote to memory of 764	4192	[email protected]	85
PID 4192 wrote to memory of 764	4192	[email protected]	85
PID 4192 wrote to memory of 764	4192	[email protected]	85

C:\Users\Admin\AppData\Local\Temp\cb8475133d741fb0d1c51f30eab890d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cb8475133d741fb0d1c51f30eab890d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:492
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4192
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:764

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
c7867425dc1cbf2fc26a1dd683b5c3f8

SHA1
8e5e685c017f84d94b16df0f81117a6c4ee01afe

SHA256
7174d729319f141356c25c66d5b3e9cbb0094370470baee6873a5d164db4deab

SHA512
1e3be5f448386488858a9dd1484f80b7d8a51ab61df3a5a0d257ab99f1ba370b2891da30c14900ff9b8a9e033488a2b983ed3c373b8087c9c5410a88497222a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/4192-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4768-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download