4ca72dc49b4c0fdea7150fede53cbcc8380d6628cd59c1480df368669e63f48b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 09:38

Target

89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe
Size

79KB
MD5

89caf8e89b0d7115d7a1f02341bdab70
SHA1

101c0b95b44f6de66987eacc1cc0c743fa276d28
SHA256

4ca72dc49b4c0fdea7150fede53cbcc8380d6628cd59c1480df368669e63f48b
SHA512

9ee6663248cce2223c173136cc3bc2f34f8c408ce5ccbff48e7239e33e6f6acdb982555314efb02d352ff20f8cd91ea78bd135f9e5717ee486a713f15f2bd9ef
SSDEEP

1536:zvutflb9x7eB1xqz4OQA8AkqUhMb2nuy5wgIP0CSJ+5yXnB8GMGlZ5G:zvKtb99ebQpGdqU7uy5w9WMyXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2384	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 4560	2272	89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe	84
PID 2272 wrote to memory of 4560	2272	89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe	84
PID 2272 wrote to memory of 4560	2272	89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe	84
PID 4560 wrote to memory of 2384	4560	cmd.exe	85
PID 4560 wrote to memory of 2384	4560	cmd.exe	85
PID 4560 wrote to memory of 2384	4560	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4560
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2384

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
29efed8fed2b21187642d1dd82a102a7

SHA1
5f24af93e943f90741b2a96f38010878a4b1f056

SHA256
47fef0edf9ed01cc71623d19fcbae3fb5260740fc69ebd651d442d1b05b0fc2e

SHA512
34bbabe8920ad8b0af70310f2fee4fd31f3081044505c04845329e7ec4d1be54a8d5fcc2ab40f029c5b58636bf9a2e2d54ac3ed8aea8d1055b920ab73a09ffbd

Download Submit
memory/2272-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2384-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download