1c0b220570048bc2a025fcb4e89e4879a1cd374b5329fa1593d8cf1518d9f73f

Analysis

max time kernel
136s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 14:28

Target

be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe
Size

73KB
MD5

be1564dcd6fe6f29c1318281b738a170
SHA1

8277f0e78b76dbbb1e6585e156d0200810278806
SHA256

1c0b220570048bc2a025fcb4e89e4879a1cd374b5329fa1593d8cf1518d9f73f
SHA512

cbcdbd632ebf2f828b6690a0115939b4748ee91dcef6607c5c1631b417c3c406795515b9c004009522f96675f65edbb3fd0692c87007941a86973ce01e3eb90f
SSDEEP

1536:hbyfGPRcsfK5QPqfhVWbdsmA+RjPFLC+e5hI0ZGUGf2g:h+fG9NPqfcxA+HFshIOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3608	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 4004	320	be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe	84
PID 320 wrote to memory of 4004	320	be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe	84
PID 320 wrote to memory of 4004	320	be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe	84
PID 4004 wrote to memory of 3608	4004	cmd.exe	85
PID 4004 wrote to memory of 3608	4004	cmd.exe	85
PID 4004 wrote to memory of 3608	4004	cmd.exe	85
PID 3608 wrote to memory of 1572	3608	[email protected]	86
PID 3608 wrote to memory of 1572	3608	[email protected]	86
PID 3608 wrote to memory of 1572	3608	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:320
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4004
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3608
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1572

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
613f7e3d7ddb1f46bacece5f77388095

SHA1
47e828581fef3f58222bb0f2ef5a50ce920ee659

SHA256
395849bd5a1f19741d66529aba7f1af9f5d7f97ac5c5ea9bd44070113d5d7cf0

SHA512
a1b76a4e1979ddb770bce456fdbf2dfb54a24bc842e7c78624962f79246654e8bf15a7f0177bcc1d7d0e9343925d936c8b8f2a59e4899cd075c03b147331c604

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/320-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3608-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download