8642a7b8fe3352a6248f0a9c90e5464420bf207cd59b5cb7050da136f9c0ce04

Analysis

max time kernel
131s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 08:36

Target

64c6ac3c6b5d576f7956138f0bdbdd80_NeikiAnalytics.exe
Size

79KB
MD5

64c6ac3c6b5d576f7956138f0bdbdd80
SHA1

36a766227cc45188cc45eec9ae21bbd13bde3ca6
SHA256

8642a7b8fe3352a6248f0a9c90e5464420bf207cd59b5cb7050da136f9c0ce04
SHA512

aa9cb4a0a8a26d801d5c277270d12117a32efdef656b9dbc5b07142ad7b4025572295b951ce7f91cd80210931036e9e39c88ff056026f92278f476a27f7e8854
SSDEEP

1536:zv66mWLYKn8V5JOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zv6PsoIGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3972	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 2040	4068	64c6ac3c6b5d576f7956138f0bdbdd80_NeikiAnalytics.exe	85
PID 4068 wrote to memory of 2040	4068	64c6ac3c6b5d576f7956138f0bdbdd80_NeikiAnalytics.exe	85
PID 4068 wrote to memory of 2040	4068	64c6ac3c6b5d576f7956138f0bdbdd80_NeikiAnalytics.exe	85
PID 2040 wrote to memory of 3972	2040	cmd.exe	86
PID 2040 wrote to memory of 3972	2040	cmd.exe	86
PID 2040 wrote to memory of 3972	2040	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\64c6ac3c6b5d576f7956138f0bdbdd80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\64c6ac3c6b5d576f7956138f0bdbdd80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3972

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
51c3675a1eb12c0e64f378e5a826a2ca

SHA1
f416fb18f033e7df420405646b8eb8f3c08ee324

SHA256
e6a621f7aa075721963ff8c4e10fa547bd401cf6ca63cc04d2426f7d983eb553

SHA512
d7da2ffa5f666d5bc36dfc41a10ff514a4ebc6594dbfcc7c4d1e57c456105d9116e12faf1d0b9e2dbc216aaaf326e39d1a02ffd8a68c80067a13cda59903be77

Download Submit
memory/3972-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4068-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download