f74b322019399bc3b35fd254f75c910966a22ac507a10c76e527802139df21cf

Analysis

max time kernel
133s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 07:10

Target

bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe
Size

73KB
MD5

bd1f5ab902f19cefcbe406743261a440
SHA1

f94d28e4c3771e488cd2c6d27a3e3306d952444f
SHA256

f74b322019399bc3b35fd254f75c910966a22ac507a10c76e527802139df21cf
SHA512

41102819b1b1488119b38a0d52177534afd5e8b61847df4452eccab37e4a2c49a78c59d61948442d80cb91399521b643283d34c10d6761cd90bb7c57442b3aac
SSDEEP

1536:hbdqdHQSgVsNa0PK5QPqfhVWbdsmA+RjPFLC+e5hp0ZGUGf2g:hJUMsNRPNPqfcxA+HFshpOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1448	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 2400	4152	bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe	86
PID 4152 wrote to memory of 2400	4152	bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe	86
PID 4152 wrote to memory of 2400	4152	bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe	86
PID 2400 wrote to memory of 1448	2400	cmd.exe	87
PID 2400 wrote to memory of 1448	2400	cmd.exe	87
PID 2400 wrote to memory of 1448	2400	cmd.exe	87
PID 1448 wrote to memory of 1004	1448	[email protected]	88
PID 1448 wrote to memory of 1004	1448	[email protected]	88
PID 1448 wrote to memory of 1004	1448	[email protected]	88

C:\Users\Admin\AppData\Local\Temp\bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1448
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1004

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
b9769a3c0be9c6d321a5381f32836ebf

SHA1
8e831e7e931cf7be1ce51de89da5da8c4d8bcfa0

SHA256
e223a9740c463972a36b3e8813f1ec9bc6080fcd31bffedacf7dc1e7012dfab9

SHA512
bd0ad9a7c53fd9000369eb06b695b1dddbc6160506de80fbb6ef9b46c0b6036aac4f811818009462041ccf1ddc336baf681ddf8ea5892e444fb6ea9d5dbb1042

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/1448-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4152-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download