fab992bfb91b0ee24ca521017053297eee85aa00b711080d5f7ed3d2ff67dce0

Analysis

max time kernel
132s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 14:54

Target

24f94295a399228550b3e9d8e63c35e0_NeikiAnalytics.exe
Size

73KB
MD5

24f94295a399228550b3e9d8e63c35e0
SHA1

761ddec9b043b9621ff9d46a6e9394dc9dd1969b
SHA256

fab992bfb91b0ee24ca521017053297eee85aa00b711080d5f7ed3d2ff67dce0
SHA512

985ef7c9d7f4581053db19c2cc934e8572cb7abde8bb1b744f0608c7d7c81040c8559b5b6461be2b4953f7fb7ba8fc1942e57db3adedc796ab05ad5658158b78
SSDEEP

1536:hbOcfRDzu+CK5QPqfhVWbdsmA+RjPFLC+e5h+0ZGUGf2g:hqSRe+CNPqfcxA+HFsh+Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3472	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 1324	3172	24f94295a399228550b3e9d8e63c35e0_NeikiAnalytics.exe	84
PID 3172 wrote to memory of 1324	3172	24f94295a399228550b3e9d8e63c35e0_NeikiAnalytics.exe	84
PID 3172 wrote to memory of 1324	3172	24f94295a399228550b3e9d8e63c35e0_NeikiAnalytics.exe	84
PID 1324 wrote to memory of 3472	1324	cmd.exe	85
PID 1324 wrote to memory of 3472	1324	cmd.exe	85
PID 1324 wrote to memory of 3472	1324	cmd.exe	85
PID 3472 wrote to memory of 4808	3472	[email protected]	86
PID 3472 wrote to memory of 4808	3472	[email protected]	86
PID 3472 wrote to memory of 4808	3472	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\24f94295a399228550b3e9d8e63c35e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\24f94295a399228550b3e9d8e63c35e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1324
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3472
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4808

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
2189e95cf2a76189ccf0c129fc368ba2

SHA1
63d544796d3812969861e290cff5a192febd8ce6

SHA256
a75576eea937a59d96dfb59fe74c539657da1fe552291160a33cd0f248255b06

SHA512
1c9c49c69386b7d8a8576607cf7fba88c3be938832b906d2db962b231d83ec90e990c3d0582e1f1711e61b9a97caebedcfc46402a523be9a68049b87f106129b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/3172-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3472-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download