9a3e7e7235b86820acbdd5d468d25cdf1e21e194e88b6ecd54faf73b5b2012e5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 14:48

Target

2ec9cb1f54fd4683feb6c996b9d476b0_NeikiAnalytics.exe
Size

79KB
MD5

2ec9cb1f54fd4683feb6c996b9d476b0
SHA1

08761dff61ec3be91c0b90b8172352aeadbe09c2
SHA256

9a3e7e7235b86820acbdd5d468d25cdf1e21e194e88b6ecd54faf73b5b2012e5
SHA512

01cb88ef4a5c0e5a0b8829151ba2757f3aac9800509e7c9b5b09c199842dff29acf214ffe0e09b2dd6955788ae7af5a2b0712247bbd8c171eedec207188ae55a
SSDEEP

1536:zv1LwszB7AOQA8AkqUhMb2nuy5wgIP0CSJ+5y9BB8GMGlZ5G:zvPGdqU7uy5w9WMy9BN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2540	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 3588	2164	2ec9cb1f54fd4683feb6c996b9d476b0_NeikiAnalytics.exe	83
PID 2164 wrote to memory of 3588	2164	2ec9cb1f54fd4683feb6c996b9d476b0_NeikiAnalytics.exe	83
PID 2164 wrote to memory of 3588	2164	2ec9cb1f54fd4683feb6c996b9d476b0_NeikiAnalytics.exe	83
PID 3588 wrote to memory of 2540	3588	cmd.exe	84
PID 3588 wrote to memory of 2540	3588	cmd.exe	84
PID 3588 wrote to memory of 2540	3588	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\2ec9cb1f54fd4683feb6c996b9d476b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2ec9cb1f54fd4683feb6c996b9d476b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3588
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2540

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
699ab1233be15a28ad994e9b3b0cc829

SHA1
2e97504064001e57703a059eb89a72836a7c62cf

SHA256
719f7347de0d266fd0b71eba3920d4c9603bf8a26a4da227c09e23623dfcc782

SHA512
38bedd63813a6c3a2fa83eb67e4f2ce32b086dd1dd720370b2c6d355429347cb29bb6c4ea25925ae18ea859f31abc4b129f89a4b1a63cf58bfab4a05144a3b53

Download Submit
memory/2164-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2540-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download