70011bca129753deaab997971229f6c0fa08c722c7d21a35be86407b3430e120

Analysis

max time kernel
130s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 10:40

Target

ace1caabca6df0ed667ab79bb67094e0_NeikiAnalytics.exe
Size

79KB
MD5

ace1caabca6df0ed667ab79bb67094e0
SHA1

5767b05e730f4198f6b385c0e978839f0e77696a
SHA256

70011bca129753deaab997971229f6c0fa08c722c7d21a35be86407b3430e120
SHA512

d6b3e631d5fe3b623f8ffc7f8a757b78169c4c24e7d59985e8d0f3b302220214bceab03de0f176fbcca3a60faaff1176bee7426b1468a9ad33ffa6a0d1dddd43
SSDEEP

1536:zv2CgLZHzb2xsiOQA8AkqUhMb2nuy5wgIP0CSJ+5yKB8GMGlZ5G:zvsLhFHGdqU7uy5w9WMyKN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2872	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 4840	2604	ace1caabca6df0ed667ab79bb67094e0_NeikiAnalytics.exe	84
PID 2604 wrote to memory of 4840	2604	ace1caabca6df0ed667ab79bb67094e0_NeikiAnalytics.exe	84
PID 2604 wrote to memory of 4840	2604	ace1caabca6df0ed667ab79bb67094e0_NeikiAnalytics.exe	84
PID 4840 wrote to memory of 2872	4840	cmd.exe	85
PID 4840 wrote to memory of 2872	4840	cmd.exe	85
PID 4840 wrote to memory of 2872	4840	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\ace1caabca6df0ed667ab79bb67094e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ace1caabca6df0ed667ab79bb67094e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4840
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2872

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
843f6a46ec779d103ea9998c5d981a1a

SHA1
92e4f29b18db628e4b7b0951ebffacb5829b7904

SHA256
bc959795df2f5e91719964758ca7441a671da8b778d1322c581232b2c23c5543

SHA512
ad29ac61caa8d2fb11aa6244ccb2cc50eca78d42f2a21a77513871c3575560fefa661074895ad367824b1f4adfe6e68f94a0e92446aa001494cbc53956dd090d

Download Submit
memory/2604-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2872-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download