d6b9bdcfd5f77f0ae6473f9bd77d128d95f9169fe873aaf1671c3b7b5da78ade

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 22:34

Target

2bd442d5e3b05e410874b7735bcd08a0_NeikiAnalytics.exe
Size

79KB
MD5

2bd442d5e3b05e410874b7735bcd08a0
SHA1

6a57777fdcb1e9c3e127712c2e3456f3b4dfb7f7
SHA256

d6b9bdcfd5f77f0ae6473f9bd77d128d95f9169fe873aaf1671c3b7b5da78ade
SHA512

54892e2df05fe50bfd16947f030dc8b733b9ba4844bf6f611a712aff0693ea0f3f84b45c4bd15ef86a88e9194720eae4dd0735bbf3fafb2fff5895d30ec6ba01
SSDEEP

1536:zvLdkuNQXgNOqcQqfgOQA8AkqUhMb2nuy5wgIP0CSJ+5yPB8GMGlZ5G:zvJ16/Ia1GdqU7uy5w9WMyPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2876	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 2692	3940	2bd442d5e3b05e410874b7735bcd08a0_NeikiAnalytics.exe	84
PID 3940 wrote to memory of 2692	3940	2bd442d5e3b05e410874b7735bcd08a0_NeikiAnalytics.exe	84
PID 3940 wrote to memory of 2692	3940	2bd442d5e3b05e410874b7735bcd08a0_NeikiAnalytics.exe	84
PID 2692 wrote to memory of 2876	2692	cmd.exe	85
PID 2692 wrote to memory of 2876	2692	cmd.exe	85
PID 2692 wrote to memory of 2876	2692	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\2bd442d5e3b05e410874b7735bcd08a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2bd442d5e3b05e410874b7735bcd08a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2876

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8a01cf84efded93d5d5c02608582c9da

SHA1
e957de84b9ff7cc1173985f40f94dead04228a74

SHA256
2ced8e9a3bf84526eb594f96087aa5b385d27f1388a174997608094362649007

SHA512
6f795258e63391efcba5f34e55b466c4bd347dcd3dcca47e8780b221a57823463a3ea40ee83e89392b56295e9edc67c6c43683104dd6551e84788cc30a4ef453

Download Submit
memory/2876-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3940-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download