7c95061151355c1a88eb7d78fd9f8d7085d7e65186f77b06b3c978292fc809c1

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 23:58

Target

0e080c55ab7d9d8870af27bd474aca70_NeikiAnalytics.exe
Size

79KB
MD5

0e080c55ab7d9d8870af27bd474aca70
SHA1

c6511220a1dc8a04a14c932151df48e7bd3d8eb3
SHA256

7c95061151355c1a88eb7d78fd9f8d7085d7e65186f77b06b3c978292fc809c1
SHA512

bdc9a71ff92ae01ec8bf1c884956de5beb9200172e30cdd36fd81eecca7329f087cc3127c92f718476d6a92294235dccab8860a0b3c23dc075975ea1f8aa0dee
SSDEEP

1536:zv5F8+niQuWw7OQA8AkqUhMb2nuy5wgIP0CSJ+5ylB8GMGlZ5G:zvMEuWwqGdqU7uy5w9WMylN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4484	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 4160	1232	0e080c55ab7d9d8870af27bd474aca70_NeikiAnalytics.exe	83
PID 1232 wrote to memory of 4160	1232	0e080c55ab7d9d8870af27bd474aca70_NeikiAnalytics.exe	83
PID 1232 wrote to memory of 4160	1232	0e080c55ab7d9d8870af27bd474aca70_NeikiAnalytics.exe	83
PID 4160 wrote to memory of 4484	4160	cmd.exe	84
PID 4160 wrote to memory of 4484	4160	cmd.exe	84
PID 4160 wrote to memory of 4484	4160	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\0e080c55ab7d9d8870af27bd474aca70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e080c55ab7d9d8870af27bd474aca70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4484

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
982ffe9b47965f819e51801e3201b5f2

SHA1
8a1955b9c9cb54378cbca1aa84fab4ef394aa590

SHA256
b76a2e674be71ec281bce91f6b7be7a0dbd7c14ceca8293d644632130c6fab8f

SHA512
db90074c8fa58b980bfac393bf47c26823f367b1956c3014b098d7af2fef0a26fd919e98b3b3f6f624dd1c3b7041250254fe820962f7823d529c76e3c78bf4f7

Download Submit
memory/1232-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4484-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download