b62d1195eb92ad1c6962ab99dbbfc4483285e012ae2f71e33b2d7c55d7260c96

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 01:42

Target

8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe
Size

79KB
MD5

8c338077566d1026dcb108eacad51ab0
SHA1

bc9907485a800345ca2eae64a42737166dfcf318
SHA256

b62d1195eb92ad1c6962ab99dbbfc4483285e012ae2f71e33b2d7c55d7260c96
SHA512

665ba1f90d681f3bfd7681befa9dee67c449379dc66eac754c25c4637491249ac09ebf0f4d449d62212df2246069653301136551502bf77439d7eb07f9524e57
SSDEEP

1536:zv4au8qeCIW7WU8ikh4OQA8AkqUhMb2nuy5wgIP0CSJ+5yIyB8GMGlZ5G:zvkzvIbHZhdGdqU7uy5w9WMynN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3052	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 5108	4188	8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe	86
PID 4188 wrote to memory of 5108	4188	8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe	86
PID 4188 wrote to memory of 5108	4188	8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe	86
PID 5108 wrote to memory of 3052	5108	cmd.exe	87
PID 5108 wrote to memory of 3052	5108	cmd.exe	87
PID 5108 wrote to memory of 3052	5108	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5108
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3052

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a335f495ce0e3982e1bb4b969b018afc

SHA1
c94a0afd687b671d683a9eeab57011238c1359f0

SHA256
1dff6c8faa4e398b3b11d3453bc26cb625ca227bf6f791e86eb55a9e54ba6298

SHA512
7d29a95833ddefeac49e5e90b9d9fdf693dbfa7cbada428d9b7521043863956fa5c9fc1cb3c161ad58df8277702f4c9a37b3b1e4d2304f9befb467ce69ae2807

Download Submit
memory/3052-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4188-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download